How to add a certificate to the Java default certs:
/opt/jdk1.8.0_144/bin/keytool -import -alias almdemo.curvc.com -keystore /opt/jdk1.8.0_144/jre/lib/security/cacerts -file almdemo.curvc.com.cert
Check the private key and its password.
# > openssl rsa -in privateKey.key
Create a PKCS12-type keystore from the certificate and the private key:
# > openssl pkcs12 -export -in Wildcard.curvc.com.crt -inkey privateKey.key -out keystore.p12 -name jira
In the example above, jira is the alias name.
# > keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore atlassian.jks
How to verify:
# > keytool -list -keystore atlassian.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

1, Feb 4, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1D:A9:E4:44:0F:EC:EE:9B:B1:17:9B:B2:59:9E:CC:89:4E:3B:50:6A
jira, Feb 4, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1D:A9:E4:44:0F:EC:EE:9B:B1:17:9B:B2:59:9E:CC:89:4E:3B:50:6A
<JIRA_INSTALL>/conf/server.xml
before editing it.
Edit the HTTPS connector so that it has the parameters that point to the KeyStore:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxHttpHeaderSize="8192" SSLEnabled="true"
           maxThreads="150" minSpareThreads="25"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           sslEnabledProtocol="TLSv1.2"
           clientAuth="false" sslProtocol="TLSv1.2" useBodyEncodingForURI="true"
           keyAlias="jira" keystoreFile="<JIRA_HOME>/jira.jks"
           keystorePass="changeit" keystoreType="JKS" />
Be sure to put the appropriate path in place of <JIRA_HOME> and change the port as needed.
If the organization doesn't support the latest TLS version, you can fall back to version 1.0. Change:
sslEnabledProtocol="TLSv1.2"
To:
sslEnabledProtocol="TLS"
Edit the HTTP connector so that it redirects to the HTTPS connector:
<Connector acceptCount="100" connectionTimeout="20000"
           disableUploadTimeout="true" enableLookups="false"
           maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
           port="8080" protocol="HTTP/1.1"
           redirectPort="<PORT_FROM_STEP_1>" useBodyEncodingForURI="true" />
Ensure the <PORT_FROM_STEP_1> is changed to the appropriate value. In this example it would be 8443.
Save the changes to server.xml.
You can also redirect users from HTTP URLs to HTTPS URLs by choosing the 'HTTP & HTTPS' profile in the JIRA configuration tool. This will redirect all HTTP URLs to HTTPS URLs. If you want to only redirect certain pages to HTTPS, you need to do this manually. To do this, select the 'HTTPS only' profile in the JIRA configuration tool and save the configuration, and then create an htaccess file on your web server that will manually redirect the HTTP URLs to the corresponding HTTPS URLs.
2. Restart JIRA after you have saved your changes.
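A pre-restart check for the steps above, as an added example (not part of the original page or of Atlassian's tooling): it parses `keytool -list` output and server.xml, then reports a keyAlias that is not a private-key entry in the keystore, a redirectPort that matches no HTTPS connector, and a keystorePass left at "changeit". The listing, the XML fragment, the keystore path and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape `keytool -list` prints (not real fingerprints).
KEYTOOL_LIST = """\
Your keystore contains 2 entries
atlassian, Feb 4, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33
rootca, Feb 4, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 44:55:66:77
"""

# Constructed server.xml fragment; the keystore path is a placeholder.
SERVER_XML = """\
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8444"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keyAlias="jira" keystoreFile="/path/to/jira.jks"
             keystorePass="changeit" keystoreType="JKS"/>
</Service>
"""

# One listing line per entry: "<alias>, <date>, <entry type>,"
ENTRY = re.compile(r"^([^,\n]+), .*, (\w+Entry),\s*$", re.MULTILINE)

def keystore_entries(listing):
    """Map alias -> entry type from `keytool -list` text output."""
    return dict(ENTRY.findall(listing))

def is_tls(connector):
    return connector.get("SSLEnabled", "").lower() == "true"

def audit(server_xml, listing):
    """Return a list of mismatches between the connectors and the keystore."""
    entries, findings = keystore_entries(listing), []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    for c in connectors:
        if not is_tls(c):
            target = c.get("redirectPort")
            if target not in tls_ports:
                findings.append(f"redirectPort {target} has no HTTPS connector")
            continue
        alias = c.get("keyAlias")
        if entries.get(alias) != "PrivateKeyEntry":
            findings.append(f"keyAlias {alias!r} is not a PrivateKeyEntry in {entries}")
        if c.get("keystorePass") == "changeit":
            findings.append("keystorePass is still the default 'changeit'")
    return findings
```

Calling audit(SERVER_XML, KEYTOOL_LIST) on the constructed input returns three findings; an empty list means the alias, the redirect port and the password all line up.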
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
If you need to check the information within a certificate, or Java keystore, use these commands.