Suppose you are the owner of your application. In that case, you should be familiar with the type of certificate installed in your application and if a client certificate needs to be shared in a mutual handshake scenario. SSL is a norm (for security reasons) for applications that run on HTTPS mode, though it is not the same for applications running on HTTP. No action will be required if you have implemented the method of using a certificate signed by a certificate authority that JVM recognizes by itself. However, if your application uses an internally signed certificate, you must also install a client certificate at ConnectALL's end. You can import an SSL certificate using ConnectALL UI or a key tool directly on the ConnectALL server.
Listed below are the steps to import a certificate, and we explain further below the procedures involved in each of those steps.
- Obtain the public key – You can obtain a public key in two ways. We've explained both options. Use the option that is more suitable for you.
- Import a certificate – You can either import using the ConnectALL UI (or) by using a key tool. The steps involved in both ways are explained below. Choose the way that you want to follow.
- Restart Tomcat.
1. Obtain the Public Key
There are two ways by which you can obtain the public key.
Option 1 is to get it directly from the web browser. Navigate to your application (Jira, ALM, etc.) URL in your web browser and export the SSL certificate using the browser's export certificate wizard.
Option 2 is to get it with OpenSSL. For this, use the below command:
|openssl s_client -connect jira.atlassian.com:https >file|
You have obtained the public key. The next step is to import the certificate.
2. Import Certificate
You can import a certificate using the UI (or) by using a key tool.
Upload and Import Using the UI
You must first upload a certificate before importing it. Let's see how it's done.
To upload the certificate,
- Click the cogwheel icon in the top-right corner.
- Click the SSL Import option from the drop-down list. The SSL Import screen will be displayed.
- Click Upload under the Upload SSL Certificate title bar. The local drives on your computer will be displayed.
- Select the certificate and click Open.
You have uploaded the certificate. The next step is to import the uploaded certificate.
Note that if only you completed the upload, the Import SSL Certificate section on the screen would be available to modify. So only after the import, will you be able to provide the Certificate File name or the Alias Name. Also, this screen will help you import certificates into the Java keystore and automatically detect the JRE keystore used by Tomcat.
- Enter the Certificate File name and Alias Name.
- Click the Edit option to edit the keystore path. Note that if the ConnectALL core service is running on a different JRE than Tomcat, you can click Edit to change the keystore path of JRE used by the ConnectALL core service.
- Enter the password of the certificate keystore file. (The default password for the keystore is usually changeit or changeme.)
- Click Import Certificate.
Import using Keytool
To import using a key tool, use the below command:
|key tool -import-alias jira.atlassian.com -keystore $JAVA_HOME/jre/lib/security/cacerts -file Jira.pem|
3. Restart Tomcat
The final step is to restart the Tomcat server. To learn how to restart it, click here.
This error is due to the limitation in JDK. To resolve, follow the steps below:
- Download Bouncy Castle jars:
- Copy these jars to JAVA_HOME/jre/lib/ext
Add the following line into JAVA_HOME/jre/lib/security/java.security file,
Note: You need to rearrange the order of other security providers and keep BouncyCastleProvider in position 1.
If one or more of the applications and/or mail server is using SSL, you might come across the following error when trying to connect to that server:
If this happens, make sure that the public key of the server is imported into the application server's keystore.