命令行配置步骤
Command line installation
过程说明:
创建存放证书的本地秘钥库keystore文件jira.jks,生成证书签名请求文件csr.txt或者jira.csr;
自签名,生成密钥和根证书;
使用根证书ca.crt对csr.txt进行签名,生成jira.crt文件;
导入根证书、签名的证书至本地秘钥库
Step 1. Create the KeyStore
Generate the Java KeyStore.
<JAVA_HOME>/keytool -genkey -alias jira -keyalg RSA -keystore <Jira_HOME>/jira.jks
实际步骤:
keytool -genkey -alias jira -keyalg RSA -keystore /data/jirasoftware-home/jira.jks
What is your first and last name?
[Unknown]: xx
What is the name of your organizational unit?
[Unknown]: xx
What is the name of your organization?
[Unknown]: xx
What is the name of your City or Locality?
[Unknown]: Beijing
What is the name of your State or Province?
[Unknown]: Beijing
What is the two-letter country code for this unit?
[Unknown]: CN
Instead of the first and last names, enter the server URL, excluding https://. For example: jira.atlassian.com.
注:
1)*.jks文件不要放在安装目录,以免后续升级时被冲掉;
此处放在/opt/jirasoftware–home下
2)执行时要输入 firt and last name 时。要写域名或者IP,比如: 192.168.100.101,jira.company.com;
没有域名:此处使用xx
3)执行时要输入密码,只能是字母和数字组合,记住了,后续要用到。
Enter a password.
Create the CSR for signing and the password from the step 2.
<JAVA_HOME>/keytool -certreq -alias jira -file /output/directory/csr.txt -keystore <Jira_HOME>/jira.jks
Submit the CSR to the CA for signing. They'll provide a signed certificate and a root or
实际步骤:
keytool -certreq -alias jira -file /home/jira/csr.txt -keystore /opt/jirasoftware-home/jira.jks
1)CA机构签名:
将生成的 jira.csr 提交给CA机构签名,CA会给你签名后的证书 jira.crt 以及根证书或者中间证书:root.crt
2)自签名:
openssl req -newkey rsa:2048 -nodes -keyout ca.key -x509 -days 3650 -out ca.crt
自签名:
openssl x509 -req -CA ca.crt -CAkey ca.key -in jira.csr -out jira.crt -days 3650 -CAcreateserial
实际配置步骤:
# openssl x509 -req -CA ca.crt -CAkey ca.key -in ../csr.txt -out jira.crt -days 3650 -CAcreateserial
Signature ok
检查签名:
openssl verify -verbose -CAfile ca.crt jira.crt
jira.crt: OK
$JAVA_HOME/bin/keytool -importcert -alias rootCA -keystore /opt/jirasoftware-home/jira.jks -trustcacerts -file ca.crt
$JAVA_HOME/bin/keytool -importcert -alias jira -keystore /opt/jirasoftware-home/jira.jks -file jira.crt
$JAVA_HOME/bin/keytool -list -alias jira -keystore /data/jirasoftware-home/jira.jks
Enter keystore password:
jira, Aug 16, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256):
二、配置JIRA服务
1,备份<Jira_INSTALL>/conf/server.xml
编辑<Jira_INSTALL>/conf/server.xml,增加如下:
<Connector port="18080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^x5c;x60;&quot;&lt;&gt;"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2,TLSv1.3"
clientAuth="false" useBodyEncodingForURI="true"
keyAlias="jira" keystoreFile="/opt/jirasoftware-home/jira.jks" keystorePass="xx" keystoreType="JKS"/>
port="18080"
SSLEnabled="true"
secure="true"
sslEnabledProtocols="TLSv1.2,TLSv1.3"
keyAlias="jira"
keystoreFile="/opt/jirasoftware-home/jira.jks"
keystorePass="xx"
keystoreType="JKS"
如果https端口不是8443,修改了端口,http里的对应也要改:
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^x5c;`&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
编辑<Jira_INSTALL>/atlassian-jira/WEB-INF/web.xml,在前增加如下:
/data/jirasoftware/atlassian-jira/WEB-INF
参考链接:
https://confluence.atlassian.com/adminjiraserver0822/running-jira-applications-over-ssl-or-https-1142238093.html
原文地址:https://blog.csdn.net/LG_15011399296/article/details/134748192
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。
如若转载,请注明出处:http://www.7code.cn/show_30578.html
如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱:suwngjj01@126.com进行投诉反馈,一经查实,立即删除!