I ran into issues while getting the Comodo InstantSSL cert to work with Atlassian’s JIRA (which runs on top of Tomcat). I documented the steps here, which outline getting the cert working with JIRA/Tomcat.
When submitting the request for a cert to Comodo InstantSSL, you need to have a .csr and a .key file. For the purposes of this example, I am going to call them jira.csr and jira.key.
Once these have been submitted, you receive a zip file back with 3 files in it (it should look similar to below):
The Atlassian documentation on implementing HTTPS doesn’t mention .crt files, only .cer files, which is of no use to us, so let’s make this work.
1. Copy over your jira.key file to the JIRA server
2. Copy over the .zip file from Comodo to the JIRA server
3. Extract the contents of the .zip file to the JIRA server
4. Create a keyout.pem file (you will be prompted for a passphrase; enter one that you would like to use):
   4.1. # openssl rsa -in jira.key -des -out keyout.pem
5. Create certificate chain, and store as cert.pem:
   5.1. # cat AddTrustExternalCARoot.crt UTNAddTrustServerCA.crt jira_whatever_com.crt > cert.pem
6. Create the .pkcs12 file using both the private key .pem file and cert .pem file:
   6.1. # openssl pkcs12 -export -inkey keyout.pem -in cert.pem -out keystore.pkcs12
7. Update your server.xml file (/path/to/jira/conf/server.xml) to reflect the changes with the following entries:
   7.1. keystoreFile="" (the path & .pkcs12 file you created in step 6.1)
   7.2. keystorePass="" (the password you chose in step 4.1)
   7.3. Example of what it should look like below:
<Connector port="443" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true" keystoreFile="/usr/jira/keystore.pkcs12" keystoreType="PKCS12" keystorePass="superp4ssw0rd!" />
You can now start JIRA and the certificate should be imported!
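Checks worth running on the files from the steps above before restarting Tomcat, as an added example that is not part of the original post: they confirm that the private key belongs to the certificate and that the PKCS#12 file opens with the password that will go into keystorePass. The function names, passwords and throwaway self-signed certificates are constructed for the demo.

```shell
#!/bin/sh
# Added example: checks to run on the keystore inputs before restarting Tomcat.
# Function names, passwords and demo certificates are constructed for illustration.

# Succeeds only if private key $1 (passphrase $2) belongs to certificate $3.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Prints the number of certificates in PKCS#12 file $1. Fails if password $2
# (the value that will go into keystorePass) is wrong or no private key is present.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' || return 1
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Constructed demo input: two throwaway self-signed key/cert pairs (the first
# stands in for jira.key and jira_whatever_com.crt) and a keystore built from
# the first pair. Prints the temporary directory holding them.
make_demo() {
    d=$(mktemp -d) || return 1
    for n in jira other; do
        openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=$n.example.test" \
            -keyout "$d/$n.key" -passout pass:keypass -out "$d/$n.crt" \
            2>/dev/null || return 1
    done
    openssl pkcs12 -export -inkey "$d/jira.key" -passin pass:keypass \
        -in "$d/jira.crt" -out "$d/keystore.pkcs12" -passout pass:storepass \
        2>/dev/null || return 1
    echo "$d"
}

demo=$(make_demo) && {
    key_matches_cert "$demo/jira.key" keypass "$demo/jira.crt" \
        && echo "OK: key matches certificate"
    key_matches_cert "$demo/jira.key" keypass "$demo/other.crt" \
        || echo "caught: key does not match the other certificate"
    echo "certificates in keystore: $(p12_cert_count "$demo/keystore.pkcs12" storepass)"
}
```

Run against the real files, p12_cert_count should print 3 for the chain built in cert.pem, provided each of the three .crt files holds a single certificate.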