Publish Atlassian JIRA 6.2.4 to Internet using wildcard SSL certificate on TMG 2010

Today I needed to publish Atlassian JIRA using a wildcard public CA SSL certificate. I couldn't find any good guides to this so I have written a few notes below on how I finished the task.

Technical environment

  • JIRA: 6.2.4 (installed on Windows) running the Tomcat web server
  • TMG: 2010 (installed on Windows)

Tasks

  1. Installed *.domain.com certificate on TMG server (using Certificate Console in Windows)
  2. Exported certificate (including private key) in PKCS12 format
  3. Converted certificate to JKS store using keytool
    • keytool -importkeystore -srckeystore certificate.pfx -srcstoretype pkcs12 -destkeystore jira.jks -deststoretype JKS
  4. Edited the alias in the JKS store using Portecle (http://portecle.sourceforge.net/)
  5. TMG customizations
    1. Created a new web listener
    2. Created a new web rule for jira.domain.com
    3. Removed link translation on rule
    4. Removed "URL normalization" HTTP setting on rule
      (right-click the rule in TMG and choose HTTP at the bottom)
  6. JIRA server customizations
    1. Installed jira.jks file on server
    2. Edited server.xml for JIRA server (port 443 and referencing jira.jks)
    3. Edited baseURL in JIRA to https://jira.domain.com
    4. Restarted JIRA service

server.xml

 <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
  maxHttpHeaderSize="8192" SSLEnabled="true"
  maxThreads="150" minSpareThreads="25"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="false"
  clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
  keyAlias="jira.domain.com" keystoreFile="C:\Java\jdk1.8.0_05\jira.jks"
  keystorePass="MyPWD" keystoreType="JKS"/>
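
A quick way to review a TLS Connector like the one above before restarting JIRA. This is an added example, not part of the original notes: the audit_connector function and its finding texts are made up for illustration, and the sample is the Connector from this post reflowed onto fewer lines.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the post, reflowed onto fewer lines.
SAMPLE = r'''<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
  maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25"
  enableLookups="false" disableUploadTimeout="true" acceptCount="100"
  scheme="https" secure="false" clientAuth="false" sslProtocol="TLS"
  useBodyEncodingForURI="true" keyAlias="jira.domain.com"
  keystoreFile="C:\Java\jdk1.8.0_05\jira.jks" keystorePass="MyPWD" keystoreType="JKS"/>'''

# File extensions conventionally used for each keystore type.
EXTENSIONS = {"JKS": (".jks", ".keystore"), "PKCS12": (".pfx", ".p12")}


def audit_connector(xml_text):
    """Return a list of findings for a single Tomcat <Connector> element."""
    conn = ET.fromstring(xml_text)
    if conn.tag != "Connector":
        raise ValueError("expected a <Connector> element")
    attr = conn.attrib
    if attr.get("SSLEnabled", "false").lower() != "true":
        return ["SSLEnabled is not true: this connector serves plain HTTP"]
    findings = []
    if attr.get("scheme", "http") != "https":
        findings.append("scheme should be https on a TLS connector")
    if attr.get("secure", "false").lower() != "true":
        findings.append("secure is not true: request.isSecure() returns false")
    for name in ("keystoreFile", "keyAlias"):
        if not attr.get(name):
            findings.append(name + " is not set (Tomcat default applies)")
    # Tomcat treats the keystore as JKS when keystoreType is omitted.
    ks_type = attr.get("keystoreType", "JKS").upper()
    ks_file = attr.get("keystoreFile", "").lower()
    if ks_file and ks_type in EXTENSIONS and not ks_file.endswith(EXTENSIONS[ks_type]):
        findings.append("keystoreFile extension does not match keystoreType " + ks_type)
    if "keystorePass" in attr:
        findings.append("keystorePass is in clear text: limit read access to server.xml")
    return findings


if __name__ == "__main__":
    for finding in audit_connector(SAMPLE):
        print("-", finding)
```

The extension check catches the case where server.xml still points at the exported .pfx file while keystoreType says JKS, which is easy to do after the keytool conversion in step 3.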

