Renewing SSL Certificate for Apache Reverse Proxy in Jira Data Center

Related content

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Jira can be integrated with Apache using SSL as explained in the documentation here. In this use case, the SSL certificate will be managed within Apache rather than Tomcat. This article aims to guide you through the process of renewing expired or expiring certificates configured in Apache, ensuring that you can maintain uninterrupted access to Jira. 

Environment

Jira Software/ Jira Service Management DataCenter on any version

Solution

Follow the steps below to renew the certificates configured in Apache.

  • Use the command provided to create a new private key and generate a new CSR.

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

The above command will generate a new RSA private key (2048 bits) and save it in server.key. It will also create a CSR (Certificate Signing Request) based on the new private key and save it in server.csr. 

  • Submit the CSR to the CA following their enrollment process. The selection of the CA is at the discretion of the users.

  • After the CSR submission, the CA conducts a series of checks and issues the Server certificate, along with the Root and intermediate certificates.

  • Create a directory and move all the issued certificates, including the server.key file, into it.

  • Edit the Apache configuration file (httpd.conf). Apache's main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file include /etc/httpd/ or /etc/apache2/.

  • Update the <VirtualHost> block with the newly created certificates 

<VirtualHost *:443>
ServerName jira.com
ProxyTimeout 1800
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
SSLProxyEngine          On
ProxyRequests           Off
ProxyPreserveHost       On
ProxyPass               /       http://jiraserver/jira
ProxyPassReverse        /       http://jiraserver/jira
</VirtualHost> 

In the above example, please take a moment to replace the SSLCertificateFile with the server's SSL certificate that you received from the Certificate Authority (CA). Additionally, replace SSLCertificateChainFile with the Root/Intermediate certificate chain that you were provided. It's important to ensure that SSLCertificateKeyFile points to the key file location that you created in the first step.

  • After making these changes, restart Apache and access Jira using the base URL.
Last modified on Dec 31, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

Powered by Confluence and Scroll Viewport.