@brandonsimpson
Created June 8, 2014 17:53
Add ssl cacert for a secure mail server to Jira


  1. Log in as root and create a directory for the mail server files. Replace "mail.mailserver.com" with the name of the mail server you're trying to connect to.

    mkdir ~/mail.mailserver.com
    cd ~/mail.mailserver.com
    
  2. Get certificate file contents from mail server on port 995:

    openssl s_client -connect mail.mailserver.com:995 </dev/null 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certfile.crt
    

    You should now have a file with the server’s certificate in it. Something like this:

    -----BEGIN CERTIFICATE-----
    MIIFTzCCBDegAwIBAgIQXLtHejIIpgWRGXqpVNiVwDANBgkqhkiG9w0BAQsFADCB
    kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
    A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
    BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
    ...
    3BKoVOqVmttGu1zEgAM8g2Rrcs746s8uxMtB7oycxcypgvipBuUXFDLMIIOfEwL0
    6IMGtUdXTb5gg/RhqjjuH60aGLTsWYMeqWryRkVF6AUkvKpFjt2Zj+8I+bnsWRJ/
    +mPWIeBrTsYTxNbMSe6lNZPM05FXqF6TnVIQ4hrbbFiUJzIDzJlr1sHbf8MSSVHS
    flD4++98xdf+YjlSdM12wo7LCyM795DUr/FDfvIec1oCbKJG8Kvk/MuWiLIkw1KB
    KurjyLkxKFyDpOqyeoyScOXeEA==
    -----END CERTIFICATE-----
    
  3. Find the path of the cacerts file that Jira uses:

    locate cacerts
    

    You should find a file like this:

    /opt/atlassian/jira/jre/lib/security/cacerts
    
  4. Import the downloaded certificate into the Jira cacerts file with the keytool command:

    keytool -import -alias serverCert -file certfile.crt -keystore <jira cacert file path found above>
    

    example:

    keytool -import -alias serverCert -file certfile.crt -keystore /opt/atlassian/jira/jre/lib/security/cacerts
    

    or

    /opt/atlassian/jira/jre/bin/keytool -import -alias serverCert -file certfile.crt -keystore /opt/atlassian/jira/jre/lib/security/cacerts
    

    NOTE: When prompted for a password, the default password is "changeit".

    Answer yes at the prompt asking whether to trust the certificate.

  5. Restart Jira, using stop-jira.sh / start-jira.sh from wherever they are installed:

    /opt/atlassian/jira/bin/stop-jira.sh
    /opt/atlassian/jira/bin/start-jira.sh
    

    or

    /home/jirauser/atlassian/jira/bin/stop-jira.sh
    /home/jirauser/atlassian/jira/bin/start-jira.sh
    
  6. Log in to Jira and go to System Module > Configure SSL. There will now be an entry for:

    CN=*.mailserver.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
    
  7. You can now set up your incoming mail server settings, and a test should say: The connection was successful.
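
Step 2 fetches the certificate over the same connection it is later used to authenticate, and step 4 marks it as trusted, so it is worth checking certfile.crt before importing it. The script below is an added example, not part of the original gist. It assumes `openssl` is installed and that the expected SHA-256 fingerprint (`EXPECTED_FP`, a hypothetical variable) was obtained out of band, for example from the mail server's administrator; the function names are also made up for illustration.

```shell
#!/bin/sh
# Added example: checks to run on certfile.crt between step 2 and step 4.
# EXPECTED_FP (assumption) is a SHA-256 fingerprint obtained out of band,
# not taken from the same connection that produced certfile.crt.

# Count complete PEM certificate blocks in a file. An empty file (failed
# s_client connection) gives 0; a truncated block is not counted.
pem_cert_count() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { inblk = 1; next }
         /^-----END CERTIFICATE-----$/   { if (inblk) n++; inblk = 0 }
         END { print n + 0 }' "$1"
}

# Normalise a fingerprint for comparison: drop any "label=" prefix,
# remove colons and whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Return 0 only if the file holds exactly one certificate and its SHA-256
# fingerprint equals the expected value.
check_cert() {
    file=$1
    expected=$2
    if [ "$(pem_cert_count "$file")" -ne 1 ]; then
        echo "expected exactly one certificate in $file" >&2
        return 1
    fi
    actual=$(openssl x509 -in "$file" -noout -fingerprint -sha256) || return 1
    if [ "$(normalize_fp "$actual")" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch: $actual" >&2
        return 1
    fi
    # Show what is about to be added to the trust store.
    openssl x509 -in "$file" -noout -subject -issuer -enddate
}

# Usage (only import when the check succeeds):
#   check_cert certfile.crt "$EXPECTED_FP" && \
#       keytool -import -alias serverCert -file certfile.crt -keystore <jira cacert file path>
```
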

@AVasik

AVasik commented Jan 18, 2016

Many-many thanks, bro!
