Dear,
When i try to add our ticket address to a project i get the following error.
"unable to find valid certification path to requested target"
I've been searing on the community page but i still don't have a solution yet.
In C:\Program Files\Atlassian\JIRA\bin>tomcat8w //ES//JIRAServiceDesk170418102xxx
I Enabled TLS in Java with -Dmail.imap.starttls.enable=true
When I use IMAP with port 143 I get the error message from above.
When I use IMAP with port 993 (TLS) I get the error message "read Timed out"
In java in the default "cacerts" file i added our arbor.media certificates with the use of Portecle (java).
In Windows i added a new envoirment variable (JAVA_HOME) = C:\Program Files (x86)\Java\jre1.8.0_171\
Does our Email server also needs Atlassian Jira certificates?
How can I verify which path the jira software tries to take for the certificates (Windows) (to verify the right home directory is set)
I don't know what else i can try...
Thank you in advance!
Daan Krauts
Did you add the CA cert before you specified the JAVA_HOME? If so, then it's possible Jira could have been using a different JRE and in turn a different cacert location for the keystore/truststore.
Also, after you set the JAVA_HOME, did you restart Jira? I would expect this to have to take place for Jira to start up with that specific JVM.
If you've done both of these things and Jira is still having an error connecting to this secure mail server, try to follow the steps in Unable to Connect to SSL Services due to PKIX Path Building Failed. That KB has a utility there called sslpoke. Try following those steps from the Jira server, using the same java path Jira is using to see what results you get. The results of this test should tell us more about this.
In most cases I don't think you need to provide any certs from Jira to the mail server to make this work. Jira is establishing the connection, so in most cases it should be able to do this with the correct cert of that server. I say most because I recently have seen some Exchange setups that only accept connections from specifically set senders. See https://practical365.com/exchange-server/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/ for more details. I'm not sure if this applies to you here, but might be helpful
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.