Managing Keystore for Atlassian Confluence on Windows

Ahmet Kasım Erbay
1 min read · Jan 15, 2024

This guide covers how to manage the keystore for Atlassian Confluence on a Windows machine using the Java keytool command.

Setting Up the Keystore in Confluence

Confluence stores keystore details in the server.xml file located in Atlassian\Confluence\conf. The keystore configuration is found within the <Connector> tag:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2"
sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"
keystoreFile="<MY_PATH_TO_KEYSTORE>"/>

Tip: Store your keystore outside the Confluence Installation or Home directories. This precaution ensures you don’t lose your TLS configuration during upgrades, as the installer recreates these directories.
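
The check below is an added example, not part of the original post or of Atlassian's tooling. It parses a server.xml and flags a keystore that sits under the installation or home directory, a missing keystoreFile attribute, and a clear-text keystorePass. The function name, the home directory path and the sample XML are assumptions made for illustration.

```powershell
# Added example: audit the HTTPS <Connector> in a Confluence server.xml.
function Test-ConfluenceConnector {
    param(
        [Parameter(Mandatory)] [xml]    $ServerXml,
        [Parameter(Mandatory)] [string] $InstallDir,   # assumed install path
        [Parameter(Mandatory)] [string] $HomeDir       # assumed home path
    )
    foreach ($c in $ServerXml.SelectNodes('//Connector[@SSLEnabled="true"]')) {
        $findings = @()
        # XML attribute names are case-sensitive: 'keystorefile' would not match.
        $ks = $c.GetAttribute('keystoreFile')
        if (-not $ks) {
            $findings += 'keystoreFile attribute not found (check spelling and case)'
        } else {
            foreach ($dir in $InstallDir, $HomeDir) {
                $prefix = $dir.TrimEnd('\') + '\'
                if ($ks.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                    $findings += "keystore is under '$dir' and can be lost on upgrade"
                }
            }
        }
        if ($c.GetAttribute('keystorePass')) {
            $findings += 'keystorePass is in clear text: restrict who can read server.xml'
        }
        [pscustomobject]@{
            Port         = $c.GetAttribute('port')
            KeystoreFile = $ks
            Findings     = $findings
        }
    }
}

# Constructed sample input, not a real configuration.
[xml]$sample = @'
<Server><Service name="Tomcat-Standalone">
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             sslEnabledProtocols="TLSv1.2" keystorePass="example-only"
             keystoreFile="C:\Program Files\Atlassian\Confluence\conf\confluence.jks"/>
</Service></Server>
'@

Test-ConfluenceConnector -ServerXml $sample `
    -InstallDir 'C:\Program Files\Atlassian\Confluence' `
    -HomeDir 'C:\Program Files\Atlassian\Application Data\Confluence' |
    Format-List
```

To check a live instance, pass the real file instead of the sample by loading it with Get-Content -Raw and casting the result to [xml].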

Handling Certificates in the Keystore

Viewing Certificates

To list all certificates within your keystore, use the command:

& 'C:\Program Files\Atlassian\Confluence\jre\bin\keytool.exe' -list -keystore '<MY_PATH_TO_KEYSTORE>\confluence.jks'

If you need to pick out a specific certificate's entry from the listing, you can filter the output with the FINDSTR command in PowerShell.

Deleting Certificates

To delete a key from the keystore, use this command:

& 'C:\Program Files\Atlassian\Confluence\jre\bin\keytool.exe' -delete -keystore '<MY_PATH_TO_KEYSTORE>\confluence.jks'

You will be prompted to enter the alias name and password for the existing certificate. After providing the credentials, the certificate will be removed from the keystore.

Importing a Keystore

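To import a new keystore, execute the following command (keytool prompts for any password option you omit, which keeps the value out of your PowerShell history):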

& 'C:\Program Files\Atlassian\Confluence\jre\bin\keytool.exe' -importkeystore -srckeystore '<YOUR_PATH_TO_PFX_FILE>\confluence.pfx' -srcstoretype PKCS12 -srcstorepass '<MY_STORE_PASS>' -deststorepass '<DEST_STORE_PASS>' -destkeypass '<MY_KEY_PASS>' -destkeystore '<MY_PATH_TO_KEYSTORE>\confluence.jks' -deststoretype PKCS12

After importing and configuring the certificates, with keystorePass in server.xml matching the destination store password, you should be able to access your Confluence instance via HTTPS.

Thank you for reading!
