...
This will force the client to identify itself, and in that way, the server can also validate the identity of the client and whether or not it is a trusted one.
The server is also not aware of the newly created truststore. Therefore, import the Jira cert into the servers truststore.
Expand |
---|
title | www.badssl.com example |
---|
|
This example describes how you can get the https://client.badssl.com/ to work with iHub mutual TLS. Download the badssl.com-client.p12 file fromhttps://badssl.com/download/ Run. Note we called it truststore_from_p12.jks, enter badssl.com as password on all prompts Code Block |
---|
/usr/bin/keytool -importkeystore -srckeystore badssl.com-client.p12 -srcstoretype PKCS12 -destkeystore truststore_from_p12.jks -deststoretype PKCS12 |
Goto iHub settings and add the path to the jks file on the server Enter the password field and click save
|
Expand |
---|
title | Example 2 using Visa developer |
---|
|
This example describes how you can get the https://developer.visa.com/ to work with iHub mutual TLS. For reference see this video Visa getting started Download the cert and private key from the dev portal Run this to convert certificate + private key to PKCS12 file Code Block |
---|
> openssl pkcs12 -export -in cert.pem -inkey "privateKey.pem" -certfile cert.pem -out myProject_keyAndCertBundle.p12 |
Run this to make a JKS file with the combined cert+key Code Block |
---|
> keytool -importkeystore -srckeystore myProject_keyAndCertBundle.p12 -srcstoretype PKCS12 -destkeystore myProject_keyAndCertBundle.jks -deststoretype PKCS12 |
List to verify Code Block |
---|
> keytool -list -v -keystore myProject_keyAndCertBundle.jks |
Java code examples is the source for the above steps Goto iHub settings and add the path to the jks file on the server Enter the password field and click save
|
Troubleshooting
Test that you get an OK connection using SSLPoke from Atlassian https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html
Verify the cert is in the truststore
Go to Logging and profiling add a new log se.rixter with DEBUG as log level, execute an iHub action and check the logs.
Guide for SSL cert imports
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
https://knowledge.broadcom.com/external/article/136370/create-a-keystore-using-openssl.html
https://community.developer.visa.com/t5/Tutorials/HelloWorld-java-How-to-run-Java-Sample-Code-using-the-Hello/ba-p/16058
https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.2/html/security_guide/extract_a_self-signed_certificate_from_the_keystore