JIRA and Confluence over SSL using same FQDN and same cert from CA but different ports

CPDev February 8, 2014

I purchased a cert from a CA and am trying to set up both Confluence and JIRA instances on the same machine to be accessible in this manner:

Confluence: https://[secure.myFQDN]:9443

JIRA: https://[secure.myFQDN]:8443

The FQDN is the same for both instances, but the port numbers are different, so this should work.

I have followed the documentation for both Confluence and JIRA to get them running over SSL using a cert from a CA.

I created the .keystore file and copied it to <CONFLUENCE-INSTALL>mykeystore.jks, and Confluence is accessible. (Yes, I edited the <CONFLUENCE-INSTALL>conf/server.xml with the keystore path to <CONFLUENCE-INSTALL>mykeystore.jks, the SSl port for Confluence, and keystore password.)

I then made a copy of mykeystore.jks and placed it into <JIRA-INSTALL>mykeystore.jks and edited the <JIRA-INSTALL>/conf/server.xml to have the keystore path of <JIRA-INSTALL>mykeystore.jks, the SSL port for JIRA, and the keystore password.

However when I try to access JIRA, it doesn't load. I can only get JIRA to load using a self-signed cert.

I'm not very familiar with keystore files, but shouldn't it be possible to use the same SSL cert on the same machine? I mean, I'm using two different instances and two different ports (9443 and 8443) for each instance.

Any advice to help in what I'm trying to do (both JIRA and Confluence on same machine assessible via same FQDN but using different ports) would be appreciated.

1 answer

2 votes
CPDev February 9, 2014

For others who may encounter the same issue:

I determined the issue was the "Key Alias" parameter setting in JIRA's in server.xml. (Confluence does not have a Key Alias parameter in it's server.xml, so it went unnoticed.)

Once I updated JIRA's server.xml key alias parameter to the key alias I used when going through the keystore methods, JIRA started working.

=========

Also note that when using JIRA and Confluence from the same FQDN/domain name, you will inadvertently log yourself out of one application anytime you interact with another application, as long as you are using the same browser and in a non-incognito mode. Reason: cookies. Cookies do not specify the port number, so one cookie from one application tied to the FQDN will overwrite the cookie from the other application (also tied to the FQDN).

There are two ways to solve this problem:

1. Edit context path (I opted to NOT do this one),
or
2. Edit either JIRA or Confluence to use a different cookie name. (I chose to edit JIRA).

Steps are here: https://confluence.atlassian.com/display/CONFKB/Logging+into+Another+Atlassian+Application+Logs+Me+Out+of+Confluence

Basically:

1. Change the session cookie name by adding the following line to your JAVA_OPTS parameter (found here: <install>/bin/setenv.sh):

-Dorg.apache.catalina.SESSION_COOKIE_NAME=JIRASESSIONID

and (if you are using Tomcat v7, which you probably are)

2. add the following code in <install>/conf/context.xml by setting the value for sessionCookieName

<Context sessionCookieName ="JIRASESSIONID">

Justin Galimore July 22, 2015

Thank you for this!!

Suggest an answer

Log in or Sign up to answer