JIRA配置SSL

为了给JIRA配置SSL，折腾了好一会，主要还是源于对Tomcat不太熟悉。

JIRA官方网站上面有一个指南， 上面说的也听详细的。

 Running JIRA over SSL or HTTPS

可是照上面的做完之后，就是访问不了。没有办法htts://localhost:8443/访问，用"netstat -ano"命令查看，发现8443没有运行起来。

后面，打开 日志文件（JIRA\logs\jira110811123613-stderr.2011-08-16.log)，里面提示“Setting property 'keystoreFile' to {...} did not find a matching property”。

 

 文章里面有提到：

Can't find the keystore

java.io.FileNotFoundException: /home/user/.keystore (No such file or directory) 

This indicates that Tomcat cannot find the keystore. The keytool utility creates the keystore as a file called .keystore in the current user's home directory. For Unix/Linux the home directory is likely to be /home/<username>. For Windows it is likely to be C:\Documents And Settings\<UserName>.

Make sure you are running JIRA as the same user who created the keystore. If this is not the case, or if you are running JIRA on Windows as a service, you will need to specify where the keystore file is in conf/server.xml. Add the following attribute to the connector tag you uncommented:

 

以为我的JIRA就是安装成service的，所以要加上keystoreFile属性。 开始没注意看，把keystoreFile属性改了一通，试试"${user.home}/.keystore"，不管用；然后又试试"<JIRA_Installation>/jre/lib/security/cacerts/.."。

 

keystoreFile="<location of keystore file>"

 

 

 

 后面再仔细看错误日志，才发现。JIRA安装service时候，默认的使用”Local System“的账号， ”${user.home}“会被映射成"C:\Documents and Settings\All Users"目录，而当我们创建认证文件时，.keystore是在我们当前登录用户的目录里面。大部分时候是”C:\Documents and Settings\Administrator".

 把conf/server.xml改成如下就可以了:

 

            <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
              maxHttpHeaderSize="8192" SSLEnabled="true"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              keystoreFile="C:/Documents and Settings/Administrator/.keystore" keystorePass="changeit"
              clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"/>