Errors when adding Email account (SSL/TLS)

Denia Zicolella
I'm New Here
May 31, 2018

Dear,

When I try to add our ticket address to a project I get the following error.

"unable to find valid certification path to requested target"

I've been searching on the community page but I still don't have a solution yet.

In C:\Program Files\Atlassian\JIRA\bin>tomcat8w //ES//JIRAServiceDesk170418102xxx
I enabled TLS in Java with -Dmail.imap.starttls.enable=true

When I use IMAP with port 143 I get the error message from above.
When I use IMAP with port 993 (TLS) I get the error message "read Timed out"

In Java, in the default "cacerts" file, I added our arbor.media certificates with the use of Portecle (Java).

In Windows I added a new environment variable (JAVA_HOME) = C:\Program Files (x86)\Java\jre1.8.0_171\

Does our email server also need Atlassian Jira certificates?
How can I verify which path the Jira software tries to take for the certificates (Windows) (to verify the right home directory is set)?
I don't know what else I can try...

 

Thank you in advance!

 

Daan Krauts

1 answer

1 vote
Andy Heinzer
Atlassian Team
May 31, 2018

Did you add the CA cert before you specified the JAVA_HOME? If so, then it's possible Jira could have been using a different JRE and in turn a different cacerts location for the keystore/truststore.

Also, after you set the JAVA_HOME, did you restart Jira? I would expect this to have to take place for Jira to start up with that specific JVM.

If you've done both of these things and Jira is still having an error connecting to this secure mail server, try to follow the steps in "Unable to Connect to SSL Services due to PKIX Path Building Failed". That KB has a utility there called sslpoke. Try following those steps from the Jira server, using the same Java path Jira is using, to see what results you get. The results of this test should tell us more about this.

In most cases I don't think you need to provide any certs from Jira to the mail server to make this work. Jira is establishing the connection, so in most cases it should be able to do this with the correct cert of that server. I say most because I recently have seen some Exchange setups that only accept connections from specifically set senders. See https://practical365.com/exchange-server/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/ for more details. I'm not sure if this applies to you here, but it might be helpful.
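On the question of which certificate path a given Java installation actually uses: the following is an added example, not code from either poster or from Atlassian. It prints `java.home`, the truststore file JSSE would load by default, and the entries matching an optional filter; the class name `TrustStoreCheck` is hypothetical and the stock `changeit` store password is an assumption.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
// Added example (hypothetical class name): reports the truststore this JVM uses.
public class TrustStoreCheck {
    // JSSE default lookup order: -Djavax.net.ssl.trustStore, then
    // <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null && !override.isEmpty()) return new File(override);
        File dir = new File(new File(System.getProperty("java.home"), "lib"), "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }
    public static void main(String[] args) throws Exception {
        // Optional filter, e.g. part of the mail server certificate's subject or alias.
        String needle = args.length > 0 ? args[0].toLowerCase() : "";
        File store = resolveTrustStore();
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + store.getAbsolutePath());
        if (!store.isFile()) {
            System.out.println("trust store file does not exist");
            return;
        }
        // Assumption: the store keeps the stock "changeit" password unless overridden.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pass.toCharArray());
        }
        int hits = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String subject = x.getSubjectX500Principal().getName();
            if (!(alias.toLowerCase() + " " + subject.toLowerCase()).contains(needle)) continue;
            hits++;
            System.out.println(alias + " | " + subject + " | expires " + x.getNotAfter());
        }
        System.out.println(hits + " of " + ks.size() + " entries matched");
    }
}
```

Compile it with a Java 8 compatible `javac`, then run it with the same `java.exe` the Jira service starts with, passing any `-Djavax.net.ssl.*` options that service has set. The `trust store` path it prints is the file the mail server's CA certificate has to be in; if a filter such as `arbor` matches nothing there, the import went into a different JRE's `cacerts`.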
