Managing Keystore for Atlassian Confluence on Windows
This guide covers how to manage the keystore for Atlassian Confluence on a Windows machine using the Java keytool
command.
Setting Up the Keystore in Confluence
Confluence stores keystore details in the server.xml
file located in Atlassian\Confluence\conf
. The keystore configuration is found within the <Connector>
tag:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2"
sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"
keystorefile="<MY_PATH_TO_KEYSTORE>"/>
Tip: Store your keystore outside the Confluence Installation or Home directories. This precaution ensures you don’t lose your TLS configuration during upgrades, as the installer recreates these directories.
Handling Certificates in the Keystore
Viewing Certificates
To list all certificates within your keystore, use the command:
& 'C:\Program Files\Atlassian\Confluence\jre\bin\keytool.exe' -list -keystore '<MY_PATH_TO_KEYSTORE>\confluence.jks'
If you need to extract a specific certificate, you can use the FINDSTR
command in PowerShell.
Deleting Certificates
To delete a key from the keystore, use this command:
& 'C:\Program Files\Atlassian\Confluence\jre\bin\keytool.exe' -delete -keystore '<MY_PATH_TO_KEYSTORE>\confluence.jks'
You will be prompted to enter the alias name and password for the existing certificate. After providing the credentials, the certificate will be removed from the keystore.
Importing a Keystore
To import a new keystore, execute the following command:
& 'C:\Program Files\Atlassian\Confluence\jre\bin\keytool.exe' -importkeystore -srckeystore '<YOUR_PATH_TO_PFX_FILE>\confluence.pfx' -srcstoretype PKCS12 -srcstorepass '<MY_STORE_PASS>' -deststorepass '<DEST_STORE_PASS>' -destkeypass '<MY_KEY_PASS>' -destkeystore '<MY_PATH_TO_KEYSTORE>\confluence.jks' -deststoretype PKCS12
After importing and configuring the certificates, you should be able to access your Confluence instance via HTTPS.
Thank you for reading!