Hello,
We configured our system (Jira, Confluence and Bitbucket) from scheme http to scheme https (SSL security).
We have connected Jira to Confluence and Bitbucket over the new https address and everything is working well. Now when I set up the binding in Confluence to Jira and Bitbucket, only Jira is working well. My Bitbucket link https://bitbucket.convis.lu is not working, because of the message "The remote certificate can't be trusted".
Please notice that Jira can connect to Bitbucket over the same link.
When I set the link via http://<ip>:<port> it is working, but I don't want this.
I can't figure out why Jira can connect and Confluence cannot.
Can you help me to solve this issue, please?
Best regards
Kai Hagedorn
INFORMATIK / SERVICE INFORMATIQUE
CONVIS s.c.
4, zone artisanale et commerciale
L-9085 Ettelbruck
Tel.: +352 26 81 20-355
Fax: +352 26 81 20-655
E-Mail: Kai.Hagedorn@convis.lu
Website: www.convis.lu
Finally solved.
The problem was that Jira and Bitbucket used Java under C:\Program Files\Java\
and Confluence brings and uses its own Java installation under C:\Program Files\Atlassian\Confluence\jre.
Both Java installations had their own cacerts (trust store for CA certs).
After adding the missing certs in the chain to the file
"C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts" too, Confluence was able to connect to Bitbucket.
But there is still one thing I couldn't understand:
Why was Confluence able to connect to Jira without the cert chain in its trust store?
It was the same wildcard-cert.
Hi Jeff,
Keep in mind that each application can be configured with a different trust store location, so this could cause the issue you are seeing.
Another alternative would be that if they are running within a different JVM, or on a different server, it might not be configured to trust the certificate.
I'm happy to hear you resolved your issue at any rate, and glad the article helped you towards that resolution.
Take care!
Shannon
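An added example, not part of the original thread or of Atlassian's documentation: the fix above came down to two JVMs each reading its own cacerts file, and this shell function compares saved `keytool -list` listings from two stores by fingerprint to show which trusted certificates the second store lacks. The listings, aliases and fingerprints are constructed samples, and the file names system.txt and confluence.txt are assumptions.

```shell
#!/bin/sh
# Report trusted certificates that one Java trust store has and another lacks.
# Input: two saved `keytool -list` listings. Matching is by fingerprint, since
# aliases differ between stores. Listings would be produced with, e.g.:
#   keytool -list -storepass changeit -keystore "<system JRE>/lib/security/cacerts" > system.txt
#   keytool -list -storepass changeit \
#     -keystore "C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts" > confluence.txt
# ("changeit" is the stock cacerts password; adjust if yours was changed.)

# usage: missing_in_second REFERENCE_LISTING CHECKED_LISTING
missing_in_second() {
    awk '
        { sub(/\r$/, "") }                          # tolerate Windows line endings
        /trustedCertEntry/ { split($0, f, ","); alias = f[1]; next }
        /^Certificate fingerprint/ && alias != "" { # key entries leave alias empty
            sub(/^[^:]*: */, "")                    # strip the label before the hash
            fp = $0
            if (FILENAME == ARGV[1]) have[fp] = 1   # checked store is read first
            else if (!(fp in have)) print fp, alias
            alias = ""
        }' "$2" "$1"
}

# Constructed sample listings (made-up aliases and fingerprints).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/system.txt" <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

exampleroot, Jan 10, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:01
exampleintermediate, Jan 10, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:02
serverkey, Jan 10, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:03
EOF
cat > "$demo_dir/confluence.txt" <<'EOF'
Your keystore contains 1 entry

root-ca, Mar 2, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:01
EOF
missing_in_second "$demo_dir/system.txt" "$demo_dir/confluence.txt"
```

Each line of output is a fingerprint and the alias it carries in the reference store; an empty result means the checked store already trusts everything the reference store does.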
Hi Jeff,
According to an SSL checker, you may not have the intermediate certificates installed.
Can you please do that by running through this article and let me know if you still have any issues?
Regards,
Shannon
Thank you very much for the link.
It helps me already a bit.
$JAVA_HOME/bin/java SSLPoke jira.convis.com 443
That command fails as you expected with the error
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe
If I now add the parameter
-Djavax.net.ssl.trustStore=/mypathToTheStoreFile
the test will pass.
Why doesn't Jira use my keystore?
Please see my screenshots of the keystore, Jira configuration and Confluence configuration.
Keystore
Jira-Config
Confluence-Config (Server.xml)
For more info see https://confluence.atlassian.com/x/s3UC
==============================================================================================================
-->
<Connector port="8444" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1+TLSv1.1+TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8"
keystoreType="JKS" keystorePass="ConVis#2018!!!" keystoreFile="D:\Atlassian\ApplicationData\JIRA\jira.jks"
keyAlias="1" />
Thanks in advance
Part of that problem is solved now. Thank you.
In the Java default cacerts file, one intermediate cert was still missing.
C:\Program Files\Java\jre1.8.0_151\bin>java SSLPoke bitbucket.convis.lu 443
Successfully connected
Now I get no errors when I run
java SSLPoke bitbucket.convis.lu 443
but the original problem still exists.