添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
深沉的书包  ·  hjapp1 — 目录·  2 月前    · 
大力的铁板烧  ·  Flight HT1001P | ...·  2 月前    · 
至今单身的风衣  ·  Getting Started | ...·  2 月前    · 
千杯不醉的蜡烛  ·  Tiny Gecko | WIZnet ...·  3 月前    · 
干练的香槟  ·  VBA数组用法-简易实例 - ...·  5 月前    · 
link管理  ›  Ssl error: java.net.UnknownHostException:https
https://community.atlassian.com/t5/Confluence-questions/Ssl-error-java-net-UnknownHostException-https/qaq-p/666399
坚强的青蛙
4 月前
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources

Hi,

Specs:
Server 2016
Java (32bit) Version 8 Update 151

We installed Atlassian Confluence on premises and would like to communicate to it using SSL.
Atlassian has a nice manual that we carried out.
We have a wildcard certificate (Comodo) that we wanted to use for this.

So, we created a keystore, imported the certificate (.crt) and pointed the server configfile to it: 

<Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="password"
				   keystoreFile="D:\somepath\atlassian"

Than we downloaded the root and intermediate certificates from Comodo and imported them in the cacerts store.
After that we restarted the Atlassian Confluence service.

We connect to Confluence using this url: https://app##.domain.local:8443

When we use Chrome we get an: ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
When we use Firefox we get a: SSL_ERROR_NO_CYPHER_OVERLAP error.

We used a nifty tool to import the certificates: KeyStore Explorer.
This little tool has also an option: Examine SSL.
It gives us this error:

Confluence_SSL_Error.jpg

What are we doing wrong and how can we fix this ?
Any help is appreciated !

Thanks in advance.

Hello,

Possibly the following would help, if you use the conversion process to include both crt and private key in generating a PKCS12:

  1. Convert the existing cert to a PKCS12 using OpenSSL. A password is required when asked or the 2nd step will complain.

    openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] -out [keystore.p12] -name [new_alias] -CAfile [my_ca_bundle.crt] -caname root

  2. Convert the PKCS12 to a Java Keystore File.

    keytool -importkeystore -deststorepass [new_keystore_pass] -destkeypass [new_key_pass] -destkeystore [keystore.jks] -srckeystore [keystore.p12] -srcstoretype PKCS12 -srcstorepass [pass_used_in_p12_keystore] -alias [alias_used_in_p12_keystore]

 
推荐文章
深沉的书包  ·  hjapp1 — 目录
2 月前
大力的铁板烧  ·  Flight HT1001P | 工业3D打印机_SLM大型金属3D打印_SLS尼龙3D打印_华曙高科
2 月前
至今单身的风衣  ·  Getting Started | Messaging with JMS
2 月前
千杯不醉的蜡烛  ·  Tiny Gecko | WIZnet Document System
3 月前
干练的香槟  ·  VBA数组用法-简易实例 - NAMEISFUCK - 博客园
5 月前
Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台