How To Install LDAP SSL Certificate into Hipchat Server Keystore

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

This is for an outdated version of Hipchat Server

This article applies to a version of Hipchat Server which will be deprecated soon. After that period the version will no longer be supported.

When will my version be deprecated?

The following versions have been deprecated:

  • Hipchat Server 1.3 (EOL Date: Aug 17, 2017)
  • Hipchat Server 2.0 (EOL Date: Jun 17, 2018)
  • Hipchat Server 2.1 (EOL Date: Dec 8, 2018)

The following version will be deprecated soon:

  • Hipchat Server 2.2 (EOL Date: May 30, 2019)

You can read more about Atlassian's End of Life policy here.

You should upgrade to a more recent version of Hipchat Server as soon as you can to take advantage of new features, and security and bug fixes.

Purpose

Many organizations require the use of SSL to connect to LDAP directories. This means that the LDAP server's SSL certificate must be imported into the Hipchat Server's Crowd keystore. Otherwise, the following error may be observed when running a directory connection test:

Test basic connection : Failed 
ldap.atlassian.net:636; nested exception is javax.naming.CommunicationException: ldap.atlassian.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Solution

The following steps will install the LDAP SSL certificate into Hipchat Server's Crowd keystore:

  1. Transfer the SSL certificate file from the LDAP server to the Hipchat Server.
  2. Log in to the Hipchat Server's command-line interface as the admin user. 

  3. Run the following command to change to Crowd's Java directory: 

    cd /usr/lib/jvm/java-8-openjdk-amd64

    Note: Prior to Hipchat Server v2.0.7, Crowd's Java directory was located at /usr/lib/jvm/java-7-openjdk-amd64

  4. Gain root access by executing the following command:

    sudo dont-blame-hipchat
  5. As root, use the keytool command to import the certificate into the keystore. In the example below, the certificate file (named the-certificate.crt) was transferred to the /home/admin directory on the Hipchat Server. Substitute filenames and paths accordingly:

    keytool -import -keystore ./jre/lib/security/cacerts -alias LDAP -file /home/admin/the-certificate.crt 
  6. Keytool will prompt for the keystore password. By default, the password is changeit.
  7. Type yes to trust the certificate.
  8. Verify that your certificate was imported into the keystore:

    keytool -list -v -keystore ./jre/lib/security/cacerts -alias LDAP
  9. The Crowd service must be restarted for the certificate changes to take effect. The following command, run as the root user, will restart the Crowd service:

    /etc/init.d/crowd restart
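
An added example (not part of the original article): a shell function that checks the output of the step 8 `keytool -list -v` command, confirming that the alias is a trustedCertEntry and that its SHA-256 fingerprint matches one obtained out of band from the LDAP administrator, before Crowd is restarted. The function names, the sample listing and its fingerprint are constructed for illustration, and the parsing assumes keytool's English-locale Java 8 output format.

```shell
# Added example; the sample listing and fingerprint below are constructed.
# Assumes English-locale `keytool -list -v` output as printed by Java 8.

# Strip colons/whitespace and upper-case, so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# stdin: output of `keytool -list -v -keystore ... -alias LDAP`
# $1:    SHA-256 fingerprint obtained out of band from the LDAP administrator
# Returns 0 = match, 1 = fingerprint mismatch, 2 = not a trustedCertEntry,
#         3 = no SHA256 line (alias missing or unexpected output).
check_keystore_entry() {
    local expected listing entry_type actual
    expected=$(normalize_fp "$1")
    listing=$(cat)
    entry_type=$(printf '%s\n' "$listing" | sed -n 's/^Entry type:[[:space:]]*//p' | head -n 1)
    actual=$(printf '%s\n' "$listing" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)
    if [ -z "$actual" ]; then
        echo "FAIL: no SHA256 fingerprint in listing" >&2; return 3
    fi
    if [ "$entry_type" != "trustedCertEntry" ]; then
        echo "FAIL: entry type is '$entry_type', expected trustedCertEntry" >&2; return 2
    fi
    if [ "$(normalize_fp "$actual")" != "$expected" ]; then
        echo "FAIL: keystore holds $actual, which is not the expected certificate" >&2; return 1
    fi
    echo "OK: alias is a trusted certificate and the fingerprint matches"
}

# Constructed sample listing (fake subject, issuer and fingerprints).
SAMPLE_LISTING=$(cat <<'EOF'
Alias name: ldap
Creation date: Jan 19, 2018
Entry type: trustedCertEntry

Owner: CN=ldap.example.test
Issuer: CN=Example Test CA
Certificate fingerprints:
         SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
         SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
)
SAMPLE_FP="00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"

printf '%s\n' "$SAMPLE_LISTING" | check_keystore_entry "$SAMPLE_FP"
```

On the server, pipe the step 8 command into the function: `keytool -list -v -keystore ./jre/lib/security/cacerts -alias LDAP | check_keystore_entry "<fingerprint from the LDAP administrator>"`.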

Last updated: January 19, 2018
