How to initialize an empty KEYSTORE with Confluence Data Center

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

As part of Atlassian’s commitment to Trust and Security, regarding CVE-2023-22522, newer Confluence versions will no longer allow JSP files to be loaded from the <confluence-install-dir>.

This behavior change makes it impossible to initialize an empty KEYSTORE with the instructions from CONFSERVER-11074, and users are taken to a Page Not Found page when trying to access the URL:

1 <confluence-base-url>/admin/initKeyStore_5_8.jsp

Environment:

Confluence DC 7.19 onwards

Solution

Steps to initialize the empty Keystore

  1. Make sure that the KEYSTORE table from your instance is empty:

    1 SELECT * FROM keystore WHERE alias LIKE '%confluence%';

  2. Download the file keystore-initializer-1.0.0-SNAPSHOT.jar. Please find below the checksums of the artifacts if you want to validate data integrity:

    1 2 # md5 keystore-initializer-1.0.0-SNAPSHOT_2023-12-20T10_11_44.808Z.jar MD5 (keystore-initializer-1.0.0-SNAPSHOT_2023-12-20T10_11_44.808Z.jar) = 04607c7660422076e310efda991f139c

  3. Install the plugin on your instance by manually uploading the .jar file. See Installing Marketplace apps for details (Install an app from a file section).

  4. After installing the plugin, access the following URL on your instance:

    1 <confluence-base-url>/admin/keystore/initialize.action

  5. You should be greeted with the following screen:

    Keystore Initializer: Warning! This will re-initialise your Confluence key pair in KEYSTORE table. Do you wish to proceed?

  6. Click on Proceed so that the KEYSTORE table is re-initialized.

  7. Once the process is done, you should see the following message, confirming that the table has been initialized:

    Keystore Initializer: KEYSTORE table initialized successfully. Do not forget to uninstall the plugin!

  8. Confirm that the KEYSTORE table has been populated with a new key pair (two rows) by running the following query on your database:

    1 SELECT * FROM keystore WHERE alias LIKE '%confluence%';

  9. Uninstall the custom plugin from your instance (keystore-initializer). Details for this can be found on Uninstalling apps.

Updated on May 6, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community