Confluence not reachable/accessible after cert migration

Thorsten Schmitt January 29, 2019

Hey Confluence-Support!

 

First, here you go with a few details about my config:

  • Windows Server 2016 Build 1607 (VM) / 2 Core Xeon / 8GB RAM
  • atlassian-confluence-6.13.0-x64.exe has been installed
  • server has been configured as a Windows service
  • internal dns (AD) has been configured in case of hostname/IP
  • external dns has been configured
  • internal firewall/ports have been configured

 

The default setup was running perfectly until migrating to https.

After carefully following this guide

https://confluence.atlassian.com/conf64/running-confluence-over-ssl-or-https-936511699.html

Both pages are no longer available (http://host.localdomain.loc:8090, https://host.mydomain.com:8443). This means I'm no longer able to log in...

In fact, ports 8090 and 8443 are reachable: I can do a "telnet host.localdomain.loc 8090" from the internal network and a "telnet host.mydomain.com 8443" from the outside world.

Also, the tomcat9.exe service is running with at least 1,7GB memory consumption.

 

Each and every command during ssl migration was successful without any error:

  • generate .keystore (Keypair)
  • create request
  • wait to receive official cert from our provider
  • export private key from .keystore
  • remove recently added cert from .keystore
  • export to pkcs12 format
  • import from pkcs12 to JKS

 

The only related log entries I can find in the atlassian-confluence.log:

Caused by: java.net.SocketTimeoutException: Read timed out
 at java.net.SocketInputStream.socketRead0(Native Method)
 at java.net.SocketInputStream.socketRead(Unknown Source)
 at java.net.SocketInputStream.read(Unknown Source)
 at java.net.SocketInputStream.read(Unknown Source)
 at sun.security.ssl.InputRecord.readFully(Unknown Source)
 at sun.security.ssl.InputRecord.read(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
 at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

...but unfortunately I can't find anything really helpful on the Internet.

 

I've also tried to find a solution by following this guide:

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

 

Hopefully you guys can help me!

Thanks a lot in advance!

Best Regards

Thorsten

 

1 answer

0 votes
Diego
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 30, 2019

Hello there Thorsten, thanks for reaching out to Community!

Thanks for sending so much detail our way. However, we would like to ask you for some more:

  1. Was this an upgrade from an older Confluence version or a clean install?
  2. If you undo the SSL, are you able to connect to Confluence?
  3. What exactly happens when you try to access Confluence from a Browser?
  4. Is there any error thrown on screen?
  5. When you say that you are unable to login, does it mean that the login page does load and the login process never finishes?
  6. When you say that you are unable to login, does it mean that the login page never loads?
  7. What happens if you access Confluence via localhost?

The errors shown could imply that your server is currently unable to reply in a timely manner, triggering this timeout. As a next step, I would recommend that you check whether access via localhost works.

 

Let us know your thoughts!

Thorsten Schmitt January 30, 2019

Hi Diego,

thanks for your reply!

Hopefully I'll be able to answer your questions accordingly... here you go.

 

1. Was this an upgrade from an older Confluence version or a clean install?

- this was a fresh & clean install on a brand new Server 2016 VM

2. If you undo the SSL, are you able to connect to Confluence?

- to be honest, I never thought about doing so. To be more honest, we're a bit, let's say, in a hurry, as users need to connect from their mobile devices...

3. What exactly happens when you try to access Confluence from a Browser?

- when accessing the server, it takes several minutes until i get a response

4. Is there any error thrown on screen?

- it doesn't matter in which way I'm trying to connect (http://localhost:8090, http://fqdn:8090, https://localhost:8443 or https://fqdn:8443 or each via IP address), there's no 'real' error message, but the browsers respond 'server timed out'

5. When you say that you are unable to login, does it mean that the login page does load and the login process never finishes?

- unfortunately no, I just can't reach the login page, see Q/A#4

6. When you say that you are unable to login, does it mean that the login page never loads?

- exactly, it never appeared after migrating to ssl

7. What happens if you access Confluence via localhost?

- it's the same behaviour when trying to connect via localhost, IP, internal fqdn, external fqdn

 

Please let me know if you need further info, e.g. screenshots, event logs, etc.

Thanks again, have a nice day :-)

Cheers

Thorsten

Thorsten Schmitt March 22, 2019

Hi,

 

I haven't been able to fix this issue, so maybe somebody can help..?

 

Thanks in advance!

Regards

Thorsten

Diego
Atlassian Team
March 22, 2019

Thorsten, somehow your previous reply did not come through.

Thanks for providing even more details and getting back to us once more!

Ok, so let us start looking at other points:

  1. Check the passwords for your keystore and certificate file are correct
  2. Check permissions for both <confluence-home> and <confluence-install>
    1. these folders should be owned by the user running Confluence and also have full read/write/execute permissions for the same user
  3. Check that your server.xml connector points to the correct path to your keystore file

Since you specified that even in localhost (accessing directly via the server itself) times out, we may have some problems with the certificates here.

Here is some detail about the folders I mentioned:

Confluence Home and other important directories

Further, could you provide us with an excerpt of your server.xml file where we could read the https connector you are currently using? Be careful not to disclose any sensitive information in this excerpt. Community is an open space and everyone can see here!

Looking forward to your reply.
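The connector and keystore-path checks from the list above, as an added example that is not part of the thread or Atlassian's own tooling. It assumes the HTTPS connector uses the Tomcat attributes `SSLEnabled`, `scheme`, `secure`, `keystoreFile` and `keystorePass`; the sample XML, path and password are constructed, and the script should be run under the account the Confluence service runs as.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the thread's real server.xml was only attached as an image.
SAMPLE_SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:/constructed/path/confluence.jks"
               keystorePass="constructed-password"/>
  </Service>
</Server>"""


def can_read(path):
    """Open the file for real, so the current account's ACLs are what gets tested."""
    try:
        with open(path, "rb") as fh:
            fh.read(1)
        return True
    except OSError:
        return False


def check_https_connectors(server_xml_text):
    """Return (port, problem) tuples per SSL-enabled Connector; never echoes keystorePass."""
    findings = []
    root = ET.fromstring(server_xml_text)
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not tls:
        return [(None, 'no Connector has SSLEnabled="true"')]
    for conn in tls:
        port = conn.get("port")
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            findings.append((port, 'scheme="https" and secure="true" are not both set'))
        path = conn.get("keystoreFile")
        if not path:
            findings.append((port, "keystoreFile missing: Tomcat falls back to .keystore in the service user's home"))
        elif not os.path.isfile(path):
            findings.append((port, "keystoreFile does not exist: " + path))
        elif not can_read(path):
            findings.append((port, "keystoreFile not readable by this account: " + path))
        if not conn.get("keystorePass"):
            findings.append((port, "keystorePass missing: Tomcat assumes the default 'changeit'"))
    return findings


if __name__ == "__main__":
    for port, problem in check_https_connectors(SAMPLE_SERVER_XML):
        print(port, problem)
```

An empty result only means the connector is consistent and the file can be opened; whether the keystore password matches still has to be confirmed with `keytool -list -keystore <path>`.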

Thorsten Schmitt April 2, 2019

 

Hi Diego,

 

thanks for your reply and sorry for my late response as I have been abroad.

 

So, I've been through all of your points 1-3 and everything seems to be fine.

Attached you can find my server.xml (personal details have been changed):

 

server-xml.JPG

 

Thanks again for your help, really appreciate it.

Have a nice day!

Best Regards

Thorsten
