Validate that certificates are correctly imported into the Java keystore
Symptoms
While trying to run JIRA over SSL, you may need to verify if the certificates were properly imported into the keystore. Some sample situations where this may come up:
JIRA fails to startup with Tomcat errors indicating that an alias is not found:
Caused by: java.io.IOException: Alias name jira does not identify a key entry- Or JIRA successfully starts, but your browser is showing the wrong certificate details
Resolution
In these situations, it would be best to examine the keystore file directly to ensure that the certificate was properly imported with the appropriate information. This can be done with this command:
$ keytool -list -v -keystore your_keystore_file > outputfileSample:
$ keytool -list -v -keystore test-local.jks > keystore-info.txt
Enter keystore password: changeit
$ cat keystore-info.txt
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: test-local
Creation date: Jul 9, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=local, O=Atlassian, L=Austin, ST=TX, C=US, EMAILADDRESS=test0123@atlassian.com
Issuer: CN=localhost, OU=local, O=Atlassian, L=Austin, ST=TX, C=US, EMAILADDRESS=test0123@atlassian.com
Serial number: 53bdbc3b
Valid from: Wed Jul 09 17:03:39 CDT 2014 until: Thu Jul 09 17:03:39 CDT 2015
Certificate fingerprints:
MD5: E5:2D:C1:8A:C1:D4:45:71:5B:9F:8B:61:5E:C2:2C:89
SHA1: 26:4F:BC:2A:72:46:3E:98:C5:19:2D:A3:DD:48:B4:E9:CD:A5:78:9D
SHA256: 8C:3B:00:DA:45:38:60:61:E2:2D:AC:D8:37:67:E3:7A:95:10:0B:29:E0:47:B1:DD:35:3C:98:2C:BF:43:D3:60
Signature algorithm name: SHA1withRSA
Version: 1
*******************************************
*******************************************
Last modified on Mar 21, 2024
Powered by Confluence and Scroll Viewport.