Validate that certificates are correctly imported into the Java keystore

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

While trying to run JIRA over SSL, you may need to verify if the certificates were properly imported into the keystore. Some sample situations where this may come up:

  • JIRA fails to startup with Tomcat errors indicating that an alias is not found:

    Caused by: java.io.IOException: Alias name jira does not identify a key entry
    
  • Or JIRA successfully starts, but your browser is showing the wrong certificate details

Resolution

In these situations, it would be best to examine the keystore file directly to ensure that the certificate was properly imported with the appropriate information. This can be done with this command:

$ keytool -list -v -keystore your_keystore_file > outputfile


Sample:

$ keytool -list -v -keystore test-local.jks > keystore-info.txt
Enter keystore password:  changeit
 
$ cat keystore-info.txt 

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: test-local
Creation date: Jul 9, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=local, O=Atlassian, L=Austin, ST=TX, C=US, EMAILADDRESS=test0123@atlassian.com
Issuer: CN=localhost, OU=local, O=Atlassian, L=Austin, ST=TX, C=US, EMAILADDRESS=test0123@atlassian.com
Serial number: 53bdbc3b
Valid from: Wed Jul 09 17:03:39 CDT 2014 until: Thu Jul 09 17:03:39 CDT 2015
Certificate fingerprints:
	 MD5:  E5:2D:C1:8A:C1:D4:45:71:5B:9F:8B:61:5E:C2:2C:89
	 SHA1: 26:4F:BC:2A:72:46:3E:98:C5:19:2D:A3:DD:48:B4:E9:CD:A5:78:9D
	 SHA256: 8C:3B:00:DA:45:38:60:61:E2:2D:AC:D8:37:67:E3:7A:95:10:0B:29:E0:47:B1:DD:35:3C:98:2C:BF:43:D3:60
	 Signature algorithm name: SHA1withRSA
	 Version: 1


*******************************************
*******************************************

Last modified on Mar 21, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.