How to update the SSL certificate used by Jira Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
You can use SSL with Atlassian applications; however, SSL configuration is outside the scope of Atlassian Support.
If you need help with converting certificates, consult with the vendor who provided the certificate.
If you need help with configuring SSL, create a question on the Atlassian Community.
This is a follow-up to the Running Jira applications over SSL or HTTPS article. Here's an overview of the initial setup process done either by GUI with Portecle or through command line:
Setup the keystore
Generate Jira certificate key pair, assign an alias
Generate Signature Request (CSR)
Have it signed and import CA certificates (optional)
Import generated certificate into keystore
Configure tomcat connector for SSL, using the keystore and the certificate alias
Solution
Refer to Running Jira applications over SSL or HTTPS on how to perform the steps described below. Please note that If your deployment uses a reverse-proxy for SSL, this guide may not apply.
Self-signed certificate
Remove the existing certificate (keytool -delete) from the Keystore configured in the Tomcat connector, generate a new certificate and import again. Ensure all clients have the updated certificate as well.
CA Issued certificate
Generate a new CSR for the Jira certificate, have it signed by the same CA and import it back into the Keystore, all should be done under the same alias of the previous/expired certificate.
Was this helpful?