tomcat - Getting a blank file when accessing JIRA on SSL -


i'm stuck on ssl problem jira. i've followed instructions setup jira+ssl on ubuntu getting blank file when accessing http://domain.com:8443/

in blank file can see these

1503 0300 0202 0a

i'm not sure can catalina logs don't report problems.

how add ssl certificate secure jira installation:

assumptions:

  1. jira running on port 8080 or other open port, on linux machine
  2. jira using tomcat server , indepedent apache http server
  3. you have valid ca signed root certificate , certificate chain, after generating csr , key.
  4. no reverse proxy setting enabled in apache http server configuration

you see little bit similar configuration in /conf/server.xml

<service name="catalina">     <!-- http connector values scheme, proxyname , proxyport -->     <connector port="8080"                acceptcount="100"                scheme="http"                maxthreads="150"                minsparethreads="25"                connectiontimeout="20000"                enablelookups="false"                maxhttpheadersize="8192"                protocol="http/1.1"                usebodyencodingforuri="true"                disableuploadtimeout="true"/>     <engine name="catalina" defaulthost="localhost">         <host name="localhost" appbase="webapps" unpackwars="true" autodeploy="true">             <context path="" docbase="${catalina.home}/atlassian-jira" reloadable="false" usehttponly="true">                 <resource name="usertransaction" auth="container" type="javax.transaction.usertransaction"                           factory="org.objectweb.jotm.usertransactionfactory" jotm.timeout="60"/>                 <manager pathname=""/>             </context>          </host>          <valve classname="org.apache.catalina.valves.accesslogvalve"                pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %u%q %h&quot; %s %b %d &quot;%{referer}i&quot; &quot;%{user-agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>      </engine> </service>

to add ssl certificate first need include key , root certificate in single entity using keytool java executable. present in /bin/ folder.

the main thing note here if use keytool import root certificate or chain certificate without key, browser may give ssl overlap or different ssl related error. first requirement import certificates domain key.

another thing need convert key , root .crt files pkcs12 compatible java keytool can read in own format. otherwise again face ssl errors on browsers.

now combine key , certificate in pkcs format using openssl on linux machine, in /bin/ folder.

root@mail bin]# openssl pkcs12 -export -in /opt/certificate_store/root.crt -inkey /home/certificate_store/domain.key -out server.p12 -name jira_alias -cafile /home/certificate/gd_bundle.crt -caname root

enter export password:

verifying - enter export password:

this command create file server.p12 (u can give name). dont forget alias name (u can give alias name, identifier information certifcate list, if any)

[root@mail bin]# ls

java jjs keytool orbd pack200 policytool rmid rmiregistry server.p12 servertool tnameserv unpack200

now use keytool convert java readable

[root@mail bin]# keytool -importkeystore -deststorepass -destkeypass -destkeystore server.keystore -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass -alias jira_aliased

(for symmetry, u can try same password every where, password required given in server.xml further)

above command create file server.keystore using given options

[root@mail bin]# ls

java jjs keytool orbd pack200 policytool rmid rmiregistry server.keystore server.p12 servertool tnameserv unpack20

now certificate keystore ready secure jira.

open /conf/server.xml , add following new connector after old connector

    <!-- standard https connector  -->     <connector             acceptcount="100"             sslenabled="true"             connectiontimeout="20000"             disableuploadtimeout="true"             enablelookups="false"             maxhttpheadersize="8192"             maxthreads="150"             minsparethreads="25"             maxsparethreads="75"             port="<port_number_on_which_you_want_to_run_jira_on_ssl>"             protocol="org.apache.coyote.http11.http11nioprotocol"             scheme="https"             secure="true"             clientauth="false"             keystoretype="jks"             keystorefile="/opt/atlassian/jira/jre/bin/server.keystore"             keystorepass="same password here had given in keytool"             usebodyencodingforuri="true"/>

comment out old http connector, save server.xml file , restart jira. open jira site on specified port number : http(s)://domain.com:, check working or not. alternatively on linux console can try following command check if ssl working on port.

$openssl s_client -connect localhost:

it produce certificate chain , if working otherwise not show certifcate , error thrown.

if still want access jira on both http , https, open server.xml file , uncomment old http connector , put forwader http https. http connector listening on 8080 , https connector listening on port number 9000, server.xml connectors should this.

    <!-- http connector values scheme, proxyname , proxyport -->     <!--<connector port="8080"                acceptcount="100"                scheme="http"                maxthreads="150"                minsparethreads="25"                connectiontimeout="20000"                enablelookups="false"                maxhttpheadersize="8192"                protocol="http/1.1"                usebodyencodingforuri="true"                redirectport="9000"                disableuploadtimeout="true"/>-->      <!-- standard https connector  -->     <connector             acceptcount="100"             sslenabled="true"             connectiontimeout="20000"             disableuploadtimeout="true"             enablelookups="false"             maxhttpheadersize="8192"             maxthreads="150"             minsparethreads="25"             maxsparethreads="75"             port="9000"             protocol="org.apache.coyote.http11.http11nioprotocol"             scheme="https"             secure="true"             clientauth="false"             keystoretype="jks"             keystorefile="/opt/atlassian/jira/jre/bin/server.keystore"             keystorepass="<password_here>"             usebodyencodingforuri="true"/>

enjoy ssl !!

don't forget add following lines in /atlassian-jira/web-inf/web.xml

<security-constraint>     <web-resource-collection>         <web-resource-name>all-except-attachments</web-resource-name>         <url-pattern>*.jsp</url-pattern>         <url-pattern>*.jspa</url-pattern>         <url-pattern>/browse/*</url-pattern>         <url-pattern>/issues/*</url-pattern>     </web-resource-collection>     <user-data-constraint>         <transport-guarantee>confidential</transport-guarantee>     </user-data-constraint> </security-constraint>

Comments

Post a Comment

Popular posts from this blog

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a
Read more

Python Tkinter keyboard using bind -

i have problem using bind option can click button in keyboard, , call function once key pressed. tried taking other codes have similar purpose , saw i'm doing pretty same, though still have problem must've missed. thankful if me this. here's code: # -*- coding: utf-8 -*- #imports tkinter import * pil import imagetk, image import time import tkmessagebox #===========================================================================================================================================# #tkinter class class app(frame): def __init__(self, master=none): frame.__init__(self, master) self.pack() #===========================================================================================================================================# #game pieces classes class board: def __init__(self, rows = 7, columns = 6, picture_height = none, picture_width = none): self.rows = rows self.columns = columns self.picture
Read more

ubuntu - Selenium Node Not Connecting to Hub, Not Opening Port -

i'm trying set demo selenium grid. have digital ocean ubuntu 14.02 droplet. (i have 2 , tried set using 2 different machines got nowhere.) i'm trying run hub , node both locally. here input both hub, node, , nmap results. https://gist.github.com/mekhami/d5bbecca5ff0de9d2dc9 so, node starting tcp connection reset , port it's supposed operate on closed. i have had no luck in number of different options , configurations work. but... of course, worked randomly once. don't know why, don't know did, know 1 brief moment, node connected , saw on grid console. tried run test , went down again , i've never seen come up. please let me know more information can provide. update: randomly came online again. don't know happened, might related timeout or time_wait or going on. this because vm/server not have enough entropy available. to resolve problem, install haveged (or other similar things). the instructions of how install haveged on ubu
Read more