Note
background information When creating a certificate: The " keytool -genkeypair
command creates a key pair, including the public key and the associated private key, and then stores it in KeyStore. This command packages the public key to the V3 self-signed certificate, and is stored as a single element in the certificate chain. The certificate chain and the private key are stored as a new KeyStore instance at the same time. is identified by the alias you specify on the command line. The Java SE documentation can help you better use this tool.
Custom SSL Port : If you modify the default port (8443) for which your SSL connector is running, you must update the properties of the callout HTTPS connection to redirectPort
map to the new SSL port. Tomcat needs this information to know that it should redirect to that port for access HTTPS.
multiple instances of the same host : When you have multiple instances running on the same host, it is important to determine the address, which is defined in the <CONFLUENCE_INSTALLATION>/conf/server.xml
file, and the default connector will list all available network interfaces . Therefore, specifying an address will prevent conflicts between connectors running in the same port in the same host. Refer to the TOMCAT Connector documentation for more information about address properties: https://tomcat.apache.org/tomcat-8.0-doc/config/http.html
<Connector port=
"8443" address=
"your.confluence.url.com"
maxHttpHeaderSize=
"8192"
maxThreads=
"150" minSpareThreads=
"25" maxSpareThreads=
"75"
enableLookups=
"false" disableUploadTimeout=
"true"
acceptCount=
"100" scheme=
"https" secure=
"true"
clientAuth=
"false" sslProtocol=
"TLS" SSLEnabled=
"true"
URIEncoding=
"UTF-8" keystorePass=
"<MY_CERTIFICATE_PASSWORD>"
keystoreFile=
"<MY_CERTIFICATE_LOCATION>"
/>
|
HTTPS must be configured at your full site : HTTPS cannot encrypt only a separate page or space.
before you upgrade to confluence : Record your changes server.xml
and web.xml
files. Once each upgrade is complete, you will need to reconfigure the configuration files that you have modified. It is best to add it manually instead of copying and pasting the entire file.
Problem solving
For an issue where Internet Explorer cannot download attachments , applying SSL throughout the site may cause IE to not download the attachment correctly. To fix this problem, edit <CONFLUENCE_INSTALLATION>/conf/server.xml
and then add the following line to the <Context ... />
element:
<Valve className= "org.apache.catalina.authenticator.NonLoginAuthenticator" disableProxyCaching= "true" securePagesWithPragma= "false" /> |
Https://www.cwiki.us/display/CONF6ZH/Running+Confluence+Over+SSL+or+HTTPS
Confluence 6 running over SSL or HTTPS-remarks and problem resolution