-
Login as root and create directory for mail server files to be created. Rename "mail.mailserver.com" for your mail server you're trying to connect to.
mkdir ~/mail.mailserver.com cd ~/mail.mailserver.com
-
Get certificate file contents from mail server on port 995:
openssl s_client -connect mail.mailserver.com:995 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certfile.crt
You should now have a file with the server’s certificate in it. Something like this:
-----BEGIN CERTIFICATE----- MIIFTzCCBDegAwIBAgIQXLtHejIIpgWRGXqpVNiVwDANBgkqhkiG9w0BAQsFADCB kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD ... 3BKoVOqVmttGu1zEgAM8g2Rrcs746s8uxMtB7oycxcypgvipBuUXFDLMIIOfEwL0 6IMGtUdXTb5gg/RhqjjuH60aGLTsWYMeqWryRkVF6AUkvKpFjt2Zj+8I+bnsWRJ/ +mPWIeBrTsYTxNbMSe6lNZPM05FXqF6TnVIQ4hrbbFiUJzIDzJlr1sHbf8MSSVHS flD4++98xdf+YjlSdM12wo7LCyM795DUr/FDfvIec1oCbKJG8Kvk/MuWiLIkw1KB KurjyLkxKFyDpOqyeoyScOXeEA== -----END CERTIFICATE——
-
Check where the jira cacerts file path is stored:
locate cacarts
You should find a file like this:
/opt/atlassian/jira/jre/lib/security/cacerts
-
Import the downloaded cert with keytool command into jira cacert path:
keytool -import -alias serverCert -file certfile.crt -keystore <jira cacert file path found above>
example:
keytool -import -alias serverCert -file certfile.crt -keystore /opt/atlassian/jira/jre/lib/security/cacerts
or
/opt/atlassian/jira/jre/bin/keytool -import -alias serverCert -file certfile.crt -keystore /opt/atlassian/jira/jre/lib/security/cacerts
NOTE: When promted for a password, the default pw is "changeit"
Answer yes at prompt
-
Restart jira (wherever stop-jira.sh / start-jira.sh is installed)
/opt/atlassian/jira/bin/stop-jira.sh /opt/atlassian/jira/bin/start-jira.sh
or
/home/jirauser/atlassian/jira/bin/stop-jira.sh /home/jirauser/atlassian/jira/bin/start-jira.sh
-
Log into jira, go to System Module > Configure SSL. There will be an entry now for:
CN=*.mailserver.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
-
You can now setup your incoming mail server settings, and a test should say: The connection was successful.
Created
June 8, 2014 17:53
-
-
Save brandonsimpson/c49af566997dbed920e9 to your computer and use it in GitHub Desktop.
Add ssl cacert for a secure mail server to Jira
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Many-many thanks, bro!