Create and Install an SSL Certificate for Jira Align Self Hosted

Summary

This article describes the steps needed to generate and install an SSL Certificate on a Jira Align self-hosted site.

Solution

The following steps outline a preferred method for creating an SSL certificate on a Windows Server. This process is not limited to Jira Align, and you can achieve the same result using alternative methods.

Step 1: Create a Certificate Request using MMC

Open MMC: Press Win + R, type mmc, and press Enter.
Add the Certificates Snap-in:
1. Click on File > Add/Remove Snap-in.
2. Select Certificates from the list and click Add.
3. Choose Computer account, then Next.
4. Select Local computer and click Finish.
5. Click OK to close the Add or Remove Snap-ins dialog.
Create a Certificate Request:
1. Expand Certificates > Personal.
2. Right-click on Certificates under `Personal
3. Select All Tasks > Advanced Operations > Create Custom Request.
4. Click Next to skip the Welcome page.
Select Certificate Enrollment Policy:
1. Choose Proceed without enrollment policy and click Next.
2. Template Information:
  1. Select (No template) CNG key, then click Next.
Configure Certificate Information: In the `Certificate Information` section, click to expand the Details and then Properties.
Specify Certificate Properties:
1. General: Set a desired `Friendly name` and `Description` for the certificate
2. Subject Name:
  1. Click on the Subject tab.
  2. Set Common Name (CN) to your primary Jira Align domain (e.g., jiraalign.com).
3. Subject Alternative Names (SAN):
  1. Still on the Subject tab, under Alternative Name, add DNS entries for each domain you want to secure, including the primary domain you inputted as Common Name (e.g., jiraalign.com, sub.jiraalign.com).
  2. Click Add after entering each name.
4. Extensions:
  1. Click on the Extensions tab.
  2. Ensure `Key usage` includes Digital Signature and Key Encipherment.
  3. Ensure `Extended Key Usage` includes Server Authentication.
5. Private Key:
  1. Click on the Private Key tab.
  2. Expand `Key options` and ensure Make private key exportable is checked.
  3. Set the `Key size` to 2048 bits for RSA, as this is the minimum recommended for security and supported by the MMC wizard.
Finish the Certificate Request:
1. Click OK to close the Certificate Properties dialog.
2. Click Next, then click Browse. Select a file location and specify a file name for your CSR, such as `myJiraAlign.csr`.
3. Click Save
4. Click Finish to complete the CSR creation process.

Step 2: Submit the CSR to a Certificate Authority (CA)

Send CSR to CA: Send the generated `myJiraAlign.csr` file to your chosen Certificate Authority (CA) for signing. Ensure the CA supports SANs if your certificate requires them.
Receive the Signed Certificate: Once the CA processes your request, you will receive a signed certificate file (usually with a `.crt` or `.cer` extension).

Step 3: Install the Certificate in MMC

Return to MMC: Open MMC again if it's closed.
Import the Certificate:
1. Navigate to Certificates under Personal.
2. Right-click on Certificates and choose All Tasks > Import.
3. Click Next in the Certificate Import Wizard.
4. Browse to the location of the signed certificate file you received from the CA.
5. Select the file and click Next.
6. Ensure the certificate store is set to Personal and click Next.
Complete the Import:
1. Click Finish to complete the import process.
2. You should see a confirmation message indicating the import was successful.

Step 4: Export the Certificate as a PFX File

Export the Certificate:
1. In MMC, navigate to Certificates under Personal.
2. Locate the certificate you just imported. The Friendly Name you specified can be useful here.
3. Right-click on the certificate and select All Tasks > Export.
Export Wizard:
1. Click Next on the Welcome page of the Certificate Export Wizard.
2. Choose Yes, export the private key and click Next.
Export File Format:
1. Select Personal Information Exchange - PKCS #12 (.PFX).
2. Ensure Include all certificates in the certification path if possible and Export all extended properties are checked.
3. Click Next.
Set Security:
1. Enter a strong password to protect the PFX file and confirm it. This adds an extra layer of security to your private key.
2. Click Next.
Save the PFX File:
1. Click Browse and specify a file location and a file name for the PFX file (e.g., myJiraAlign.pfx).
2. Click Next and then Finish to complete the export process.
3. You should see a confirmation message indicating the export was successful.

Step 5: Install the Certificate in IIS

Open Internet Information Services (IIS) Manager: Press Win + R, type inetmgr, and press Enter.
Install the Certificate:
1. In the IIS Manager, select the server node in the left-hand Connections pane.
2. Double-click on Server Certificates in the middle pane.
3. Click on Import in the Actions pane.
4. Browse to the location of your PFX file.
5. Enter the password you set during the export process.
6. Ensure the Allow this certificate to be exported option is checked if desired.
7. Click OK to complete the import.

Step 6: Applying the Certificate to the Jira Align Site by Updating Binding

You can consider performing this task after work hours to prevent disruptions in case of issues. However, it does not require downtime.

Update the Jira Align Site Binding:
1. In the IIS Manager, expand the Sites node and select the Jira Align site you want to bind the certificate to.
2. Click on Bindings.
Modify or Add HTTPS Binding:
1. If adding a new binding, click Add, set the Type to https, and specify the IP address and port (default is 443) if needed.
2. If it already exists, select the https binding and click Edit.
3. In the SSL certificate dropdown, select the newly installed certificate. The Friendly Name you specified can be useful here.
4. Click OK to save the binding.

Updated on June 4, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support