Secure Sockets Layer (SSL) Configuration (v 1.0)
Secure Sockets Layer is supported by the SharePoint Connector for Confluence.
Below are some tips for setting up SSL on Confluence.
This documentation currently focuses on setting up Confluence to run on SSL and having SharePoint communicate with Confluence over SSL. It is also possible to run SharePoint on SSL and have Confluence communicate with SharePoint over SSL, but that portion of the documentation is incomplete.
1. Getting SSL Running on Confluence
For setting up SSL on Confluence, see the Atlassian documentation on Adding SSL for Secure Logins and Page Security.
Caution
When generating the certificate, the "keytool" utility will prompt you for a first and last name. This value needs to be the server name or domain name used to access Confluence (e.g., "confluence" or "confluence.mycompany.com").
Note that site administrators in SharePoint control which port and protocol (http vs. https) is used for accessing Confluence. If you want to prevent SharePoint from accessing Confluence via clear text (non-SSL) regardless of the setting SharePoint site administrators use, set up a security constraint as discussed in the documentation linked above, using the URL pattern shown below.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted URLs</web-resource-name>
    <url-pattern>/rpc/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
That URL pattern is required because SharePoint accesses Confluence through web services, which all use "rpc" as part of the URL. Links shown in SharePoint that go to Confluence are not affected by this URL pattern, however (see Confluence Configuration further below for how links are affected).
If you have any problems, the Atlassian SSL documentation mentioned above references an Apache page on How to Configure SSL for Tomcat which you may find useful.
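To check that the constraint is really in effect for "/rpc/*", the following added example (not part of the original documentation or of the connector) parses a web.xml and reports whether the web service URLs are limited to SSL. The sample XML and all function names are constructed for illustration; only path-prefix patterns are evaluated, and more specific patterns below /rpc/ are not examined.

```python
import xml.etree.ElementTree as ET

def constraint(pattern, guarantee):
    """Build one <security-constraint> element (constructed sample data)."""
    return (f"<security-constraint><web-resource-collection>"
            f"<web-resource-name>sample</web-resource-name>"
            f"<url-pattern>{pattern}</url-pattern></web-resource-collection>"
            f"<user-data-constraint><transport-guarantee>{guarantee}"
            f"</transport-guarantee></user-data-constraint></security-constraint>")

def web_xml(*constraints):
    """Wrap constraints in a namespaced <web-app>, as a real web.xml would be."""
    return ('<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
            + "".join(constraints) + "</web-app>")

# Constructed samples, not taken from a real Confluence installation.
WEAK = web_xml(constraint("/login.action", "CONFIDENTIAL"))
HARDENED = web_xml(constraint("/login.action", "CONFIDENTIAL"),
                   constraint("/rpc/*", "CONFIDENTIAL"))
OVERRIDDEN = web_xml(constraint("/*", "CONFIDENTIAL"), constraint("/rpc/*", "NONE"))

def local(tag):
    """Strip the XML namespace so any web.xml schema version is handled."""
    return tag.rsplit("}", 1)[-1]

def rpc_is_ssl_only(xml_text, prefix="/rpc/"):
    """True if the best-matching path-prefix constraint for prefix requires SSL."""
    by_pattern = {}
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        kids = {}
        for e in sc.iter():
            kids.setdefault(local(e.tag), []).append((e.text or "").strip())
        # Conservative: a constraint limited to some HTTP methods, or lacking
        # CONFIDENTIAL, counts as unprotected.
        ok = (kids.get("transport-guarantee") == ["CONFIDENTIAL"]
              and "http-method" not in kids)
        for p in kids.get("url-pattern", []):
            if p.endswith("/*") and prefix.startswith(p[:-1]):
                by_pattern.setdefault(p, []).append(ok)
    if not by_pattern:
        return False  # nothing covers /rpc/, so clear-text access is allowed
    # The container applies the most specific (longest) matching pattern, and
    # constraints sharing a pattern combine to the weakest guarantee.
    return all(by_pattern[max(by_pattern, key=len)])

if __name__ == "__main__":
    for name, doc in [("weak", WEAK), ("hardened", HARDENED), ("overridden", OVERRIDDEN)]:
        print(name, "->", "SSL only" if rpc_is_ssl_only(doc) else "clear text possible")
```

The "overridden" sample shows why a site-wide "/*" constraint alone is not sufficient evidence: a more specific "/rpc/*" entry without CONFIDENTIAL takes precedence for the web service URLs.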
2. Setting up SharePoint to Trust the Confluence SSL Certificate
If you are using a certificate for Confluence that is not from a certificate authority (e.g., not from Verisign), you will need to set up each web front end in your SharePoint farm to trust the Confluence certificate. Do the following on each web front end:
- Store the certificate to your hard drive
  - Browse to Confluence using SSL (e.g., https://confluence:8443) and use your browser to save the certificate. For IE7 this is done by choosing "No" if asked to display the nonsecure items, then clicking on the lock after the URL, choosing view certificates, details tab, then clicking the "Copy to File..." button.
  - Using the default "DER encoded binary X.509 (.CER)" is fine.
- Add the certificate that you just saved as a Trusted Root Certification Authority
  - Click Start-Run and type "mmc"
  - File->Add/Remove Snap-in...
  - Click the "Add..." button
  - Choose "Certificates" and click "Add"
  - Choose "Computer account" and click "Next"
  - Choose "Local computer" and click "Finish"
  - Click "Close" then "OK" - you should see the Certificates nodes in the MMC
  - Navigate to Certificates (Local Computer)->Trusted Root Certification Authorities->Certificates.
  - Right click the "Certificates" folder in the tree view and choose All Tasks->Import...
  - Browse to the certificate you saved in the previous step
  - Choose "Place all certificates in the following store" (keep the store as "Trusted Root Certification Authorities")
  - Click "Next" then "Finish"
3. Confluence Configuration
Make sure the Server Base Url is set properly with the https protocol and appropriate port. To find this setting, browse to Confluence and navigate to Administration->General Configuration. The setting is near the top of the page. The value should be something like "https://confluence:8443" (depending on your server name and port, of course).
This value affects all links shown in the SharePoint web parts that reference Confluence.
4. SharePoint Configuration
As discussed in SharePoint Feature Configuration, you specify the Confluence site URL. If Confluence is using SSL, change this to have the appropriate protocol and port (e.g., "https://confluence:8443").