Step 1: Trust SharePoint's SSL Certificate

If you purchased a certificate from a trusted certificate authority, then your certificate is already trusted by the Confluence server and you can skip this step. Go to step 2 below. If you generated your own certificate or obtained one from a less well-known certificate authority, please follow the steps below.

To configure Confluence to trust the certificate on your SharePoint server, you must add the certificate's public key to the Java runtime's Certificate Authority keystore as described below.

Step 1.1: Create a .cer File

The certificate's public key must be imported into the Java keystore as a certificate file in .cer file format. If you already have a .cer file you can skip this step and go to step 1.2 below. If you only have a .pfx file and need to create the .cer file, read on!

A simple way to create the required file is to import and export the certificate in and out of the Windows certificate store. This works because the export operation allows you to choose the export format.

The first step is to import the certificate into Windows:

  1. Using a Windows computer, open the Microsoft Management Console by clicking the 'Start' button, selecting 'Run' and then running the command 'mmc.exe'.
  2. In the Microsoft Management Console, select 'Add/Remove Snap-in...' from the 'File' menu.
  3. Click 'Add...'.
  4. Highlight the 'Certificates' snap-in from the list and click 'Add'.
  5. Ensure that 'My user account' is selected and then click 'Finish'.
  6. Click 'Close'.
  7. Click 'OK'.
  8. Expand the tree from 'Console Root' to 'Certificates - Current User' to 'Personal'.
  9. Right-click 'Personal' and select 'Import...' from the 'All Tasks' menu.
  10. When the 'Certificate Import Wizard' is displayed, click 'Next'.

    Screenshot: The certificate import wizard

  11. Click 'Browse...' and select the .pfx certificate file. (You may need to set the 'Files of type' filter to 'Personal Information Exchange (*.pfx, *.p12)'.)
  12. Click 'Next'.
  13. Enter the 'Password' for the certificate.
  14. Ensure that the 'Mark this key as exportable' option is selected.
  15. Click 'Next'.
  16. Click 'Next'.
  17. Click 'Finish'.

At this point, your certificate should appear in the 'Personal' folder of the 'Certificates' snap-in.

Screenshot: Personal certificates

Now you can export the certificate in the desired .cer format:

  1. Right-click the certificate and select 'Export...' from the 'All Tasks' menu.
  2. When the Certificate Export Wizard opens, click 'Next'.
  3. Ensure that the 'No, do not export the private key' option is selected.
  4. Click 'Next'.
  5. Ensure that the 'DER encoded binary X.509 (.CER)' option is selected.
  6. Click 'Next'.
  7. Enter a 'File name' for the exported certificate (such as 'C:\cert.cer').
  8. Click 'Next'.
  9. Click 'Finish'.

Step 1.2: Import the .cer File onto the Confluence Server

We have provided a batch script (see below) for Windows environments. If you are running Confluence on UNIX, please perform the import manually. The batch script uses the Java runtime's keytool command to import the certificate into the required location on the Confluence server. The script adds the certificate to the root Java Secure Socket Extension (JSSE) keystore, which is located in your Java Runtime Environment's (JRE's) lib\security directory with the name jssecacerts. This is the required location in order for the certificate to be trusted by Confluence.

This script assumes the following about your environment:

  • You are using a Confluence stand-alone installation running on the Sun JVM.
  • Your %JAVA_HOME% environment variable has been set correctly.
  • You have copied the .cer file created in step 1.1 above to the C: drive of your Confluence server.

Copy and execute this batch script (Windows) to add the certificate to the keystore:

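@echo off
rem Paths assume %JAVA_HOME% points at a JDK (keytool in bin, JRE in jre).
set keytool="%JAVA_HOME%\bin\keytool.exe"
set keystore="%JAVA_HOME%\jre\lib\security\jssecacerts"
rem The .cer file from step 1.1, copied to the C: drive under this name.
set certificatefile=C:\sharepoint.cer

rem Import the certificate into jssecacerts under the alias 'sharepoint'.
%keytool% -import -alias sharepoint -keystore %keystore% -storepass changeit -file %certificatefile%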
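
For the manual UNIX import mentioned above, the following shell script is an added example, not Atlassian's script. It reuses the alias, store password and jssecacerts name from the batch script; the function names and the .cer path argument are assumptions, and seeding jssecacerts from cacerts is an addition made because JSSE reads jssecacerts instead of cacerts when it exists.

```shell
#!/bin/sh
# Added example (not from the original page): manual UNIX import of the
# SharePoint certificate. Function names and the .cer path are assumptions.

# Print the JRE security directory under $JAVA_HOME (JDK or JRE layout).
security_dir() {
    for d in "$JAVA_HOME/jre/lib/security" "$JAVA_HOME/lib/security"; do
        if [ -f "$d/cacerts" ]; then printf '%s\n' "$d"; return 0; fi
    done
    echo "no cacerts found under JAVA_HOME=$JAVA_HOME" >&2
    return 1
}

# If jssecacerts does not exist yet, start it as a copy of cacerts so the
# public CAs stay trusted; an existing jssecacerts is left untouched.
seed_keystore() {
    dir=$1
    if [ ! -f "$dir/jssecacerts" ]; then
        cp -p "$dir/cacerts" "$dir/jssecacerts" || return 1
    fi
    printf '%s\n' "$dir/jssecacerts"
}

# Show the certificate's fingerprints, then import it. keytool asks
# "Trust this certificate?", so the fingerprint can be compared with the
# one shown on the SharePoint server before answering yes.
import_cert() {
    cert=$1
    dir=$(security_dir) || return 1
    store=$(seed_keystore "$dir") || return 1
    "$JAVA_HOME/bin/keytool" -printcert -file "$cert" || return 1
    "$JAVA_HOME/bin/keytool" -import -alias sharepoint \
        -keystore "$store" -storepass changeit -file "$cert" || return 1
    # Confirm the entry is now present in the keystore.
    "$JAVA_HOME/bin/keytool" -list -alias sharepoint \
        -keystore "$store" -storepass changeit
}

# Runs only when a certificate path is given,
# e.g. sh import-sharepoint-cert.sh /tmp/sharepoint.cer
if [ "$#" -gt 0 ]; then
    import_cert "$1"
fi
```

Run it as the user that owns the Java installation, then restart Confluence so the JVM reloads the keystore.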

Step 2: Configure the Alternative URL in Confluence

The final step is to configure your Confluence server to communicate via the new URL you have set up.

See Access SharePoint using Basic Authentication and SSL (via Alternative Access URL) with SP 2007 and Access SharePoint using Basic Authentication and SSL (via Alternative Access URL) with SP 2010.