Organizational unit: this is the team or department requesting the certificate, for example 'marketing'.The CN must match the fully qualified hostname of the server running Confluence, or Tomcat won't be able to use the certificate for SSL. First and last name: this is not your name, it is the Common Name (CN), for example ''.
Follow the prompts to specify the certificate details. This info is used to construct the X.500 Distinguished Name (DN) of the entity.Make a note of the password, you'll need it in the next step.Tomcat has a known issue with special characters. When prompted, create a password for the certificate (private key). $JAVA_HOME/bin/keytool -genkeypair -keysize 2048 -alias tomcat -keyalg RSA -sigalg SHA256withRSA To generate a self-signed certificate using keytool:įrom the command line, run the appropriate command for your operating system: In this example, we'll use Java's keytool utility, which is included with the JDK. If you're not comfortable using command line utilities KeyStore Explorer is a useful alternative to the command line. Users won't be able to log in to your site at all via the Confluence Server mobile app if you use a self-signed certificate. This usually will only occur the first time they access the site. In general, you might use a self-signed certificate on a test environment and on internal corporate networks (intranets).īecause the certificate is not signed by a certificate authority (CA), users may receive a message that the site is not trusted and may have to perform several steps to accept the certificate before they can access the site. Self-signed certificates are useful if you require encryption but don't need to verify the identity of the requesting website.
Option 1: Create a self-signed certificate You can't use the app with a self-signed certificate, or one from an untrusted or private CA. If your team plans to use the Confluence Server mobile app, you'll need a certificate issued by a trusted Certificate Authority. You can create your own self-signed certificate, or acquire one from a trusted Certificate Authority. If you already have a certificate, skip to step 2. You'll need a valid certificate before you can enable HTTPS.
We recommend you enable HTTPS on your site. Running Confluence without HTTPS enabled may leave your site exposed to vulnerabilities, such as man-in-the-middle or DNS rebinding attacks.