Creating an SSL keystore for bitbucket server

Question

I'm getting quite frustrated trying to setup https access to our bitbucket server.

Following bitbuckets documentation isn't that helpful.

So far I have the executed the following commands

Firtly, I created a certificate signing request and sent that to my certificate provider and they have sent me a certificate.

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

At this point I have 3 files, domain.key, domain.csr and a ssl certificate provided to mey, domain.cer

I then tried to create a keystore with the following command

keytool -genkey -alias tomcat -keyalg RSA -keystore ssl-keystore

I was prompted for a keystore password and I provided one.

I then tried to import the certificate provided to me.

keytool -import -alias tomcat -file domain.cer -keystore ssl-keystore

and got the following error.

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

I'm a complete ssl newbie and am relying on following website instructions and am at a loss now what to do.

Answer 1

Assuming you have 2 files below domain.key and domain.cer (private key and signed certificate) you can change tho format to pkcs12 like this

openssl pkcs12 -export -in domain.cer -inkey domain.key -name domain -out domain.p12

and then import in jkl with

keytool -importkeystore -deststorepass changeme1 -destkeystore domain.jks -srcstorepass changeme2 -srckeystore domain.p12 -srcstoretype pkcs12

where changeme1 is the new keystore password and changeme2 is the password specified during the export (first step)

now you can use domain.jks