Specify the location of your certificateīy default, Tomcat expects the keystore file to be named. The Confluence mobile app requires minimum TLS 1.2. The default connector port for Confluence is 8090. You should also not disable the internal Synchrony proxy (by setting the system property to false) as this is known to cause problems when you're terminating SSL at Tomcat. See HTTP MaxThreads configuration for more information about this.ĭon't remove or comment out the http connector, as the Synchrony proxy health check, still requires HTTP. If you don't want to include the http connector, you can use the system property to disable the health check.
KEYSTORE EXPLORER TOMCAT PASSWORD
Replace with the password you specified for your certificate.Use Java's keytool utility to generate a local certificate (follow the steps in option 1, above).įrom the command line, run the following command to generate a certificate signing request.The CA will use that CSR to generate a certificate for you. You will submit the CSR to your chosen certificate authority. These instructions are adapted from the Tomcat documentation.įirst you will generate a local certificate and create a 'certificate signing request' (CSR) based on that certificate. Production environments will need a certificate issued by a Certificate Authority (CA). Option 2: Use a certificate issued by a Certificate Authority (recommended) Your keystore entry must have the same password as your private key.'tomcat' is the alias we entered in the keytool command above, it refers to your.When asked for the password for 'tomcat', enter the password you created in step 2 (or hit return to use the same.Hit ' y' to confirm the details.ĬN=, OU=Marketing, O=SeeSpaceEZ, L=Sydney, ST=NSW, C=AU The output will look something like the example below. Organization: this is your company name, for example 'SeeSpaceEZ'.Ĭity, State / province, country code: this is where you're located, for example Sydney, NSW, AU.Organizational unit: this is the team or department requesting the certificate, for example 'marketing'.The CN must match the fully qualified hostname of the server running Confluence, or Tomcat won't be able to use the certificate for SSL. First and last name: this is not your name, it is the Common Name (CN), for example ''.Follow the prompts to specify the certificate details. This info is used to construct the X.500 Distinguished Name (DN) of the entity.Make a note of the password, you'll need it in the next step.Tomcat has a known issue with special characters. When prompted, create a password for the certificate (private key). $JAVA_HOME/bin/keytool -genkeypair -keysize 2048 -alias tomcat -keyalg RSA -sigalg SHA256withRSA To generate a self-signed certificate using keytool:įrom the command line, run the appropriate command for your operating system: In this example, we'll use Java's keytool utility, which is included with the JDK. If you're not comfortable using command line utilities KeyStore Explorer is a useful alternative to the command line. Users won't be able to log in to your site at all via the Confluence Server mobile app if you use a self-signed certificate. This usually will only occur the first time they access the site. In general, you might use a self-signed certificate on a test environment and on internal corporate networks (intranets).īecause the certificate is not signed by a certificate authority (CA), users may receive a message that the site is not trusted and may have to perform several steps to accept the certificate before they can access the site. Self-signed certificates are useful if you require encryption but don't need to verify the identity of the requesting website. Option 1: Create a self-signed certificate You can't use the app with a self-signed certificate, or one from an untrusted or private CA.
If your team plans to use the Confluence Server mobile app, you'll need a certificate issued by a trusted Certificate Authority. You can create your own self-signed certificate, or acquire one from a trusted Certificate Authority.
If you already have a certificate, skip to step 2. You'll need a valid certificate before you can enable HTTPS. We recommend you enable HTTPS on your site. Running Confluence without HTTPS enabled may leave your site exposed to vulnerabilities, such as man-in-the-middle or DNS rebinding attacks.
0 kommentar(er)
