Updating Atlassian Certificates Bundles
This article describes how to update Atlassian CA certificates to enable app signing. These certificates are used to validate apps hosted on the Atlassian Marketplace.
Context
To enable app signing, you need to set up your trust store by securely adding all certificates from trusted sources. There may be more than one trusted source. The next sections explain the two main scenarios.
Trust Atlassian app signing CA
Atlassian app signing Certificate Authority (CA) certificates are part of the certificate chain of trust used by Atlassian Marketplace to sign apps. The UPM validates apps' certificates by verifying their certificate path; therefore, the Atlassian CA certificates must be trusted and stored in the local trust store.
Installation process
- Download the latest Certificates Bundle from the list below.
- Verify the bundle checksum. See How to verify checksum on Windows, Linux, or MacOS.
- Extract the bundle certificates, which should include:
  - Atlassian Root CA certificates
  - Atlassian Intermediate CA certificates
- Store all certificate files in your trust store. The trust store location is listed on the UPM Certificates admin page.
- Make sure the file permissions are set correctly. For details, see Configuration resources location.
- Remove any expired certificates.
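The checksum and expired-certificate steps above can be scripted; this is an added example, not Atlassian's own tooling. The helper names `digest_of`, `verify_bundle` and `audit_store` are hypothetical, the bundle path, digest and trust store directory are placeholders you supply, and it assumes `openssl` is on the PATH and each trust store file holds one PEM certificate.

```shell
#!/bin/sh
# Added example: helper names, paths and digests are placeholders, not Atlassian tooling.
# Assumes openssl is on PATH and each trust store file holds one PEM certificate.

# digest_of BITS FILE -> lowercase hex digest (BITS is 256 or 512)
digest_of() {
    case "$1" in 256|512) ;; *) return 2 ;; esac
    if command -v "sha${1}sum" >/dev/null 2>&1; then
        "sha${1}sum" < "$2" | awk '{print $1}'
    else
        shasum -a "$1" < "$2" | awk '{print $1}'   # macOS
    fi
}

# verify_bundle FILE BITS EXPECTED -> 0 only if the digest matches the published value
verify_bundle() {
    vb_actual=$(digest_of "$2" "$1") || return 2
    vb_expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    # An empty digest (missing file or tool) must never count as a match.
    [ -n "$vb_actual" ] && [ "$vb_actual" = "$vb_expected" ]
}

# audit_store DIR -> prints "EXPIRED path" or "UNREADABLE path" for each problem file
audit_store() {
    for as_f in "$1"/*; do
        [ -f "$as_f" ] || continue
        if ! openssl x509 -in "$as_f" -noout >/dev/null 2>&1; then
            printf 'UNREADABLE %s\n' "$as_f"      # not a parseable certificate
        elif ! openssl x509 -in "$as_f" -noout -checkend 0 >/dev/null 2>&1; then
            printf 'EXPIRED %s\n' "$as_f"         # notAfter is already in the past
        fi
    done
}

# Usage (placeholders: take the digest from the bundles table, the directory
# from the UPM Certificates admin page):
#   verify_bundle ./bundle-file 256 "<published SHA-256>" || { echo "checksum mismatch" >&2; exit 1; }
#   audit_store /path/to/trust-store
```

Stop the installation if `verify_bundle` fails, and review every file `audit_store` reports before deleting anything from the trust store.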
Private builds and custom certificates
Marketplace partners and clients may generate their own signing certificates. For guidance, see Generating app signature and verification certificate using OpenSSL. These certificates must also be trusted to support private builds and custom app installations.
Installation process
- Get the signing certificate using one of the following methods:
  - Private builds: the certificate will be provided by the Marketplace partner.
  - Custom apps: follow the instructions in the Generating app signature and verification certificate using OpenSSL documentation.
- Add the certificate to your trust store. The trust store location is listed on the UPM Certificates admin page.
- Make sure the file permissions are set correctly. For details, see Configuration resources location.
- Remove any expired certificates.
The certificate bundle includes a new Intermediate certificate and the unchanged Root certificate from the previous bundle.
Atlassian Certificates Bundles
Active certificates are those currently used to sign Marketplace apps. Scheduled certificates are the next certificates that will be used once they become active. Certificates are provided in advance to enable seamless app installation and prevent any service disruptions.
| Date | Status | Certificates Bundle | Checksums | |
|---|---|---|---|---|
| ACTIVE | SHA-256 | 190241780305743cbc2f5d2b9fbcf2e6bd23ce188362b74a2a3acbd21d52816d | |
SHA-512 | 21c841b57a37262558b5444d9f781414e574478761967ca9ea93674d471d8e611892dc72fc0ed22d863d29b8e86170d02c60206163448db8ae3cfd3869c2ea11 | |||
SHA-256 | 373f4142d72eb111333f8bd2bd618cf02ae380f027878e7f0a23fdcd77b9df5a | |||
SHA-512 | 7505ac87568db2eaed3faf71b5cd4502e2cff6c3648de11b8a93e9eca4052223e2774d7b430a81b20e04cbd0572f3a436db6a9eac73c792cad90723f49e0f1cc | |||
| SCHEDULED Activation scheduled for | SHA-256 | c43dff941049fa4cf289a0227e41375e4a6cceb1d798864eb63b1c9da8e0456e | |
SHA-512 | 24e1a4e258ef519e9aba34bcf0781a6cd565f135c1b036038adcf6b611e337c95fb5cb43604a10a8583c1fab71096932a8c7a81c2f7e4b27ec68e02493a9aa97 | |||
SHA-256 | 1a1afb665f567d3dd25e46c37e829a8391359608b721c2659eb56fbf1f221569 | |||
SHA-512 | 1aabf3b3f1991fad3c7257629124282a05daffaacb7e08e3313e496e49b5bb2ba5c2a835c039574a002f0bdce0c31c4069d13fad6c7f384e3cf3f848b6b5ab6f | |||