(3.x) Java Trust Store
This page explains how to add certificates to the Java trust store.
Purpose
You may have to work with certificates that are not in the default trust store. For example, companies often use their own private certificate authority (CA) issuing root certificates that are not included in the default installations.
In that case, these certificates need to be added to the Java trust store of the Jira or Confluence instance.
How to
Certificates can be added to the Java trust store using the keytool utility that comes with Java.
For example, to add a certificate named myRootCert.pem, use
$JAVA_HOME/bin/keytool -importcert -trustcacerts -cacerts -file myRootCert.pem -alias myRootCert
Notes:
The password requested to update the Java truststore is changeit by default.
Before Java 9, there was no -cacerts option. Instead you must provide the location of the cacerts keystore using the -keystore option. The cacerts keystore should be located either at $JAVA_HOME/jre/lib/security/cacerts or $JAVA_HOME/lib/security/cacerts.
If you need to run the import unattended, append -storepass changeit -noprompt to the above command.
After having added the certificate to the truststore, restart Jira or Confluence.
Beware!
If the keytool command displays
Certificate was added to keystore
this may not be true. Look out for any error messages like
keytool error: java.io.FileNotFoundException: [...] (Permission denied)
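One way to check that the import really took effect, as an added example that is not part of the original page: compare the SHA-256 fingerprint of the certificate file with the one stored under the alias. It assumes Java 9 or later (for -cacerts) and that keytool prints SHA-256 fingerprints in both outputs; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): confirm an import by comparing
# SHA-256 fingerprints instead of trusting keytool's success message.

# Print the first SHA-256 fingerprint (32 colon-separated hex bytes) on stdin,
# upper-cased. Prints nothing if there is none, e.g. when keytool errored out.
extract_sha256() {
    grep -Eio '([0-9a-f]{2}:){31}[0-9a-f]{2}' | head -n 1 | tr 'a-f' 'A-F'
}

# Succeed only if both fingerprints are non-empty and identical.
fingerprints_match() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]
}

# verify_import CERT_FILE ALIAS [STOREPASS]
# Assumes Java 9+ (-cacerts). Returns 0 only if ALIAS in cacerts holds CERT_FILE.
verify_import() {
    cert_file=$1
    alias_name=$2
    storepass=${3:-changeit}   # default password mentioned on the page
    keytool_bin="${JAVA_HOME:+$JAVA_HOME/bin/}keytool"

    want=$("$keytool_bin" -printcert -file "$cert_file" 2>/dev/null | extract_sha256)
    have=$("$keytool_bin" -list -cacerts -alias "$alias_name" \
               -storepass "$storepass" 2>/dev/null | extract_sha256)

    if fingerprints_match "$want" "$have"; then
        echo "OK: $alias_name is in cacerts ($have)"
    else
        echo "FAILED: $alias_name missing or different (file=$want store=$have)" >&2
        return 1
    fi
}

# Usage, after the keytool -importcert command:
#   verify_import myRootCert.pem myRootCert
```

Run it as the same user that runs Jira or Confluence, and before restarting, so a failed write to cacerts is caught while the import can still be repeated.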