This page explains how to add certificates to the Java trust store.
You may have to work with certificates that are not in the default trust store. For example, companies often use their own private certificate authority (CA) issuing root certificates that are not included in the default installations.
In that case, these certificates need to be added to the Java trust store of the Jira or Confluence instance.
Certificates can be added to the Java trust store using the
keytool utility that comes with Java.
For example, to add a certificate named
$JAVA_HOME/bin/keytool -importcert -trustcacerts -cacerts -file myRootCert.pem -alias myRootCert
The password requested to update the Java truststore is changeit by default.
Before Java 9, there was no
-cacertsoption. Instead you must provide the location of the cacerts keystore using the
-keystoreoption. The cacerts keystore should be located either at $JAVA_HOME/jre/lib/security/cacerts or $JAVA_HOME/lib/security/cacerts.
If you need to run the import unattended, append
-storepass changeit -nopromptto the above command.
After having added the certificate to the truststore, restart Jira or Confluence.
If the keytool command displays
Certificate was added to keystore
this may not be true. Look out for any error messages like
keytool error: java.io.FileNotFoundException: [...] (Permission denied)