...

This forces the client to identify itself, so the server can also validate the client's identity and decide whether it is a trusted one.
The server is also not aware of the newly created truststore. Therefore, import the Jira cert into the server's truststore.

www.badssl.com example

This example describes how you can get https://client.badssl.com/ to work with iHub mutual TLS.

  1. Download the badssl.com-client.p12 file from https://badssl.com/download/

  2. Run the following command. Note that we called the output file truststore_from_p12.jks; enter badssl.com as the password at all prompts.

    /usr/bin/keytool -importkeystore -srckeystore badssl.com-client.p12 -srcstoretype PKCS12 -destkeystore truststore_from_p12.jks -deststoretype PKCS12
  3. Go to iHub settings and add the path to the jks file on the server

  4. Enter the password in the password field and click Save


Example 2 using Visa developer

This example describes how you can get https://developer.visa.com/ to work with iHub mutual TLS. For reference, see this video: Visa getting started

  1. Download the cert and private key from the dev portal

  2. Run this to convert the certificate and private key to a PKCS12 file

    > openssl pkcs12 -export -in cert.pem -inkey "privateKey.pem" -certfile cert.pem -out myProject_keyAndCertBundle.p12
  3. Run this to make a JKS file with the combined cert+key

    > keytool -importkeystore -srckeystore myProject_keyAndCertBundle.p12 -srcstoretype PKCS12 -destkeystore myProject_keyAndCertBundle.jks -deststoretype PKCS12
  4. List the keystore contents to verify

    > keytool -list -v -keystore myProject_keyAndCertBundle.jks

The Java code examples are the source for the above steps

  1. Go to iHub settings and add the path to the jks file on the server

  2. Enter the password in the password field and click Save

Troubleshooting

  1. Test that you get an OK connection using SSLPoke from Atlassian: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html

  2. Verify the cert is in the truststore

  3. Go to Logging and profiling, add a new log for se.rixter with DEBUG as the log level, execute an iHub action, and check the logs.
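
A pre-flight check for the PKCS12 bundles built in the examples above, added here as an illustration (it is not part of the original page or of iHub). For mutual TLS the file must contain the client's private key as well as its certificate, so the script tells apart a usable bundle, a certificate-only bundle, and a wrong password. The function names, file names, passwords and CN are constructed, and it assumes the first certificate in the bundle is the client certificate.

```shell
#!/usr/bin/env bash
# Added example; file names, passwords and the CN are constructed sample values.

# check_p12 BUNDLE PASSWORD
# Prints ok | no-key | mismatch | unreadable and returns non-zero unless ok.
# The password reaches openssl through the environment (env:P12_PASS), not argv,
# and the decrypted key only travels through a pipe, never to disk.
check_p12() {
  # First certificate in the bundle -> its public key. Fails on a wrong
  # password or a damaged file.
  _cert_pub=$(P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
    openssl x509 -noout -pubkey 2>/dev/null) || { echo unreadable; return 2; }
  # Private key in the bundle -> its public half. Fails when the bundle
  # carries certificates only, which cannot answer a client-auth request.
  _key_pub=$(P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null) || { echo no-key; return 3; }
  # The key must belong to the certificate that will be presented.
  [ "$_cert_pub" = "$_key_pub" ] || { echo mismatch; return 4; }
  echo ok
}

# make_samples DIR PASSWORD
# Builds throwaway test material: a self-signed client cert and key, one bundle
# holding cert+key (identity.p12) and one holding the certificate only.
make_samples() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-client" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
  SAMPLE_PW="$2" openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
    -out "$1/identity.p12" -passout env:SAMPLE_PW &&
  SAMPLE_PW="$2" openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
    -out "$1/certonly.p12" -passout env:SAMPLE_PW
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d) && make_samples "$demo_dir" constructed-pw
echo "identity.p12:   $(check_p12 "$demo_dir/identity.p12" constructed-pw)"
echo "certonly.p12:   $(check_p12 "$demo_dir/certonly.p12" constructed-pw)"
echo "wrong password: $(check_p12 "$demo_dir/identity.p12" not-the-password)"
rm -rf "$demo_dir"
```

Run `check_p12` against badssl.com-client.p12 or myProject_keyAndCertBundle.p12 before entering the path in iHub settings; anything other than `ok` explains a failed handshake before the DEBUG logs are needed.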

...

https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

https://knowledge.broadcom.com/external/article/136370/create-a-keystore-using-openssl.html

https://community.developer.visa.com/t5/Tutorials/HelloWorld-java-How-to-run-Java-Sample-Code-using-the-Hello/ba-p/16058

https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.2/html/security_guide/extract_a_self-signed_certificate_from_the_keystore