Bitbucket SSL Setup
To secure Bitbucket server with a self-signed certificate, you’ll need to stop the server, generate a certificate, create a bitbucket.properties file, and restart the server.
This is for testing purposes only. In production, you should not use a self-signed certificate. And I’m assuming Bitbucket server is already running http on the default port 7990 on Ubuntu 18.04 LTS.
Stop bitbucket server:
sudo service atlbitbucket stop
Generate SSL keystore:
If you do not have Java installed, you must first install it and verify that you have the keytool command.
# install Java
sudo apt-get install oracle-java8-installer
Verify keytool:
which keytool
Generate a self-signed certificate:
sudo keytool -genkey -alias tomcat -keyalg RSA -sigalg SHA256withRSA \
  -keystore /var/atlassian/application-data/bitbucket/shared/config/ssl-keystore
Answers to the certificate creation prompts follow. Note that “What is your first and last name?” is the “Common Name” and should be the server name. Also, the default password for tomcat is “changeit”; for testing purposes, it’s easiest to just use it as the password.
Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=bitbucket-gk, OU=testco, O=testco, L=Phoenix, ST=Arizona, C=AZ correct?
Ignore the warning:
“The JKS keystore uses a proprietary format”.
There is no need to convert the keystore in a dev environment. You can convert it to “PKCS12”, but then you have to add an additional line to your bitbucket.properties file:
server.ssl.key-store-type=pkcs12
Create bitbucket.properties file:
This file does not exist by default. If it’s missing, you must create it.
sudo nano /var/atlassian/application-data/bitbucket/shared/bitbucket.properties
Paste these into the bitbucket.properties file and save:
#ssl settings
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=/var/atlassian/application-data/bitbucket/shared/config/ssl-keystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
To start bitbucket server:
sudo service atlbitbucket start
Wait about 3-5 minutes for the server to restart, then access it at https://localhost:8443
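Because bitbucket.properties now holds the keystore password in plain text, it is worth checking the file and the keystore before relying on them. The script below is an added example, not part of the original post and not Atlassian tooling; the helper names (prop, loose_perms, audit_props, demo) and the temp-dir sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Atlassian tooling): audit the SSL block of bitbucket.properties.
# prop FILE KEY: print KEY's value from a properties file (last assignment wins).
prop() {
    local key
    key=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# loose_perms FILE: succeed if group or other holds any permission bit on FILE.
loose_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_props FILE: print one FINDING line per problem; exit status = finding count.
audit_props() {
    local file=$1 n=0 k ks
    note() { echo "FINDING: $*"; n=$((n + 1)); }
    [ "$(prop "$file" server.ssl.enabled)" = "true" ] || note "server.ssl.enabled is not true"
    for k in server.ssl.key-store-password server.ssl.key-password; do
        case "$(prop "$file" "$k")" in
            "")       note "$k is not set" ;;
            changeit) note "$k is the well-known default 'changeit'" ;;
        esac
    done
    if loose_perms "$file"; then note "$file holds passwords but is readable beyond its owner"; fi
    ks=$(prop "$file" server.ssl.key-store)
    if [ ! -f "$ks" ]; then
        note "keystore '$ks' not found"
    elif loose_perms "$ks"; then
        note "keystore $ks is accessible beyond its owner"
    fi
    return "$n"
}

# Constructed sample: this page's properties in a temp dir with world-readable modes.
demo() {
    local d rc=0
    d=$(mktemp -d)
    : > "$d/ssl-keystore"      # empty stand-in; only existence and mode are checked
    printf '%s\n' "#ssl settings" "server.port=8443" "server.ssl.enabled=true" \
        "server.ssl.key-store=$d/ssl-keystore" \
        "server.ssl.key-store-password=changeit" "server.ssl.key-password=changeit" \
        > "$d/bitbucket.properties"
    chmod 644 "$d/ssl-keystore" "$d/bitbucket.properties"
    audit_props "$d/bitbucket.properties" || rc=$?
    rm -rf "$d"; return "$rc"
}
if [ "${1:-}" = "--demo" ]; then demo; elif [ $# -gt 0 ]; then audit_props "$1"; fi
```

Run it with the path to the real bitbucket.properties (as a user who can read it), or with --demo to see the findings for the constructed sample.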
To Export Out Certificate
To export the certificate from the Java keystore to a public .cer file and import it into the macOS keychain:
keytool -export -alias tomcat -file /tmp/bitbucket-gk.cer \
  -keystore /var/atlassian/application-data/bitbucket/shared/config/ssl-keystore
Copy to local machine:
scp -p username@bitbucket-gk:/tmp/bitbucket-gk.cer /tmp
Once it’s copied to the local machine, you can double-click the .cer to open the “Add Certificates” dialog box and import it into your local keychain. Once it’s imported, you can change the trust level to “Always Trust”.