KB "Running JIRA over SSL or HTTPS" needs review for Windows Standalone scenario

XMLWordPrintable

      There are three recommended updates to the KB Running JIRA over SSL or HTTPS
      based on customer feedback.

      1.

      When asked to "What is your first and last name" make sure you enter in the DNS name that you will use to access the host.

      This section is often missed, or misunderstood by users.
      It is recommended that this text is made more explicit, and formatted in a way that will enforce users to be able to easily see the instruction.

      2.
      The KB currently tells the user to use %JAVA_HOME% when generating / importing certificates, when in fact the JRE used by JIRA when running with the Windows Standalone version is bundled with JIRA. Therefore if the user follows these instructions explicitly the JRE that is running Tomcat does not have the SSL certificates in the truststore leading to Gadget 500 errors.

      %JAVA_HOME%\bin\keytool -import -alias tomcat -file file.cer -keystore %JAVA_HOME%\jre\lib\security\cacerts (Windows)

      would become:

      <install-dir>\jre\bin\keytool -import -alias tomcat -file file.cer -keystore <install-dir>\jre\lib\security\cacerts (Windows)

      3.
      The KB currently tells the user to use the following command when importing the certificate into the JRE truststore

      $JAVA_HOME/bin/keytool -import -alias tomcat -file file.cer -keystore $JAVA_HOME/jre/lib/security/cacerts (Unix)

      It is not apparent that this command by default will require superuser priveliges to execute.
      The above could become:

      sudo $JAVA_HOME/bin/keytool -import -alias tomcat -file file.cer -keystore $JAVA_HOME/jre/lib/security/cacerts (Unix)

        1. Running_JIRA_over_SSL_or_HTTPS_-_Draft.pdf
          175 kB
          Adam Stuckey [Atlassian]

              Assignee:
              Wazza
              Reporter:
              Adam Stuckey [Atlassian]
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: