We looked at how to install Jira on Rocky Linux Server in our previous tutorial. In this article, We’ll learn how to secure Jira Server after installation using a Let’s Encrypt SSL certificate.
What’s SSL / TLS Encryption?
Transport Layer Security (TLS) is a cryptographic protocol designed to offer communications security across a computer network. It is the successor to the now-deprecated Secure Sockets Layer (SSL). Although the protocol is extensively used in applications such as email, instant messaging, and voice over IP, its usage as the security layer in HTTPS (Hypertext Transfer Protocol Secure) is the most generally known.
Benefits of Using SSL / TLS Encryption
Here are the advantages of using SSL / TLS Encryption:
- Using an SSL / TLS connection helps your site’s visitors trust you.
- Information is transmitted through an encrypted connection between the client and the server, which improves security.
- HTTP/2 has a number of advantages over its predecessor, including header compression, parallelism on a single connection, complete multiplexing, and so on.
- Let’s Encrypt now offers free SSL certificates that may be installed directly from your server, making installation easier.
- TLS ensures that no data is lost while being sent, therefore improving data integrity.
- When a website is protected using TLS, it is deemed dependable and trustworthy.
3 Ways to Secure Jira with SSL Certificate
You can choose to secure Jira server using one of the following options:
Self-signed certificate
In cryptography and computer security, a self-signed certificate is a security certificate that is not signed by a certificate authority (CA). These certificates are simple to create and do not require any money. They do not, however, provide all of the security characteristics that CA-signed certificates provide. People who visit a website that utilizes a self-signed certificate to deliver HTTPS services, for example, may receive a warning in their browser. Visitors who ignore these warnings run the danger of a third party intercepting traffic to the website using the third party’s own self-signed certificate.
Commercially signed Certificate by CA
A certificate authority, often known as a certification authority (CA), is a cryptographic institution that provides digital certificates. A digital certificate verifies that the identified subject of the certificate owns a public key. Others (relying parties) can trust signatures and statements about the private key that matches to the certified public key. The subject (owner) of the certificate and the party relying on the certificate both trust a CA as a trusted third party. The X.509 or EMV standard governs the format of these certificates.
Free Let’s Encrypt SSL
Let’s Encrypt is just a non-profit trusted entity maintained by the Internet Security Research Group (ISRG) that distributes free Digital certificates for TLS encryption. It is the world’s largest certificate authority,[2] with over 265 million websites[3] utilizing its services, with the objective of ensuring that all websites are safe and utilize HTTPS.
How To Secure Jira With Let’s Encrypt SSL Certificate
In this guide we are going to use option 3 which Let’s Encrypt SSL to Secure Jira Server.
Benefits of Using Let’s Encrypt SSL
Below are the cool advantages of using Let’s Encrypt SSL:
- It’s safe – Let’s Encrypt acts as a platform for putting contemporary security approaches and best practices into effect.
- It’s easy – The whole certificate enrollment procedure takes place within the server’s native installation or setup process. In the background, the renewal happens automatically.
- They provide the same degree of security as commercial SSL certificates.
- It’s free – Anyone else who manages a domain may get a trustworthy certificate for it at no charge.
- You have the choice of using a single domain, several domains, or a wildcard.
- It’s easy – There’s no cost, no verification emails, and certificates automatically renew.
Step 1: Install Certbot Certificate generation tool on Linux
Certbot is a free, open source software application that uses Let’s Encrypt certificates to enable HTTPS on manually-managed websites. Certbot is a project of the Electronic Frontier Foundation (EFF), which aims to encrypt the whole Internet. HTTPS ensures secure Web connection by requiring the usage of a digital certificate that allows browsers to authenticate the identity of web servers. Certificate authorities, which are trustworthy third parties, provide certificates to web servers (CAs).
a) Install Certbot on Debian | Ubuntu Linux
We are going to install certbot for Nginx and Apache web servers.
Update your system:
sudo apt update
sudo apt upgradeInstall Certbot for Nginx:
sudo apt install certbot python3-certbot-nginxInstall Certbot for Apache:
sudo apt install certbot python3-certbot-apacheb) Install Certbot on CentOS | Rocky Linux
Update your system:
sudo dnf updateInstall the EPEL repository, which adds more and better packages to RHEL-based distributions:
sudo dnf install epel-release -yInstall Certbot for Nginx:
sudo dnf install certbot python3-certbot-nginxInstall Certbot for Apache:
sudo dnf install certbot python3-certbot-apache c) Install Certbot on Fedora
First update your system:
sudo dnf updateInstall Certbot for Nginx:
sudo dnf install python3-certbot-nginxInstall Certbot for Apache:
sudo dnf install python3-certbot-apache Step 2: Secure Jira with Let’s Encrypt SSL Certificate
Now, we are going to secure our previously installed Jira on Rocky Linux 9. If you haven’t seen it check the link below:
You have seen how to install Certbot on Rocky Linux above, run the following command to generate Let’s Encrypt SSL for Jira:
$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): <ENTER VALID EMAIL ADDRESS>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: jira.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for jira.hirebestengineers.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/jira.hirebestengineers.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/jira.hirebestengineers.com/privkey.pem
This certificate expires on 2021-12-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for jira.hirebestengineers.com to /etc/nginx/conf.d/jira.conf
Congratulations! You have successfully enabled HTTPS on https://jira.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Now restart Nginx for the changes made to take effect:
sudo systemctl restart nginxTo ensure that SSL certificate is installed, you will see a lock in your browser as shown below:
Step 3: Renewing Let’s Encrypt SSL Certificate
Run the following command to renew SSL Certificate of our domain above:
$ sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/jira.hirebestengineers.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for jira.hirebestengineers.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/jira.hirebestengineers.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Step 4: Enabling automatic renewal of SSL Certificate
We’ll utilize cron, a common system function for performing periodic jobs, to run the auto-renew. By opening and modifying a file called a crontab, we can instruct cron what to do.
sudo crontab -ePaste the contents below to the file above:
20 5 * * * /usr/bin/certbot renew --quietThe 20 5 * * * section of the code above indicates “every day at 5:20 a.m., run renew command.” You have the option to select at any moment.
Conclusion
Our post on How To Secure Jira Server With Let’s Encrypt SSL Certificate is now complete. We hope you find this tutorial useful.
More guides on our site:
