Importing SSL certificate: 'Could not establish trust for the CA reply. The import cannot proceed'

Harry Clark January 8, 2023

I'm following these directions, using Portecle:

https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

I'm using certs from a well-known CA, in the cacerts truststore in the Jira JRE install. 

It came time to renew a certificate. After a first failure to import the new cert, I started over, with a fresh keystore, generated the CSR, and got the cert reissued. I imported the intermediate cert into the keystore. It was not trusted, and I let it in using the prompts. Upon using 'Import CA Reply' on the keypair (per directions) I get the above. 

This is on Jira 8.20.1, using mysql57. This was a working installation until installing the new cert. The trust problem suggests the cert authority is not recognized, but it's in cacerts. JAVA_HOME is set to the JRE in the Jira install and PATH points to the JRE's bin. Portecle should be using the correct JRE. No others are installed actually, on a dedicated machine. This is not a new problem, but other discussions aren't useful. Thanks for any comments.

Answer accepted
Harry Clark January 8, 2023

There is a Portecle setting not documented in the instructions, "use cacerts truststore", which you can set when you import CA reply. That cleared up the trust problem.

Harry Clark January 9, 2023

Something else noteworthy in this area. The Jira config.bat does not expose the useSSL setting for the JDBC URL. I turned SSL on and got a cascade of errors in the logs: a Jira plugin could not find the mysql driver, and a repeated WARNING about SSL between Jira and mysql not being configured. I googled the warning and learned of the useSSL setting, and edited dbconfig.xml to make it false. The logs cleared up and Jira ran okay. Before that it would start but error out at login. This setting is not exposed by config.bat.

Harry Clark January 9, 2023

Also, when you turn on SSL, you must configure "relaxed escape characters" on the <connector> in server.xml. It's in the Jira doc separately, not with SSL installation. All this applies to 8.20.1 Jira. Don't know about later.

Trish Cordes August 26, 2024

Enabling the Use CA Certs Keystore got me past the 'Could not establish trust for the CA reply. The import cannot proceed' error but returned multiple errors, so I still can't import the certificate. Any idea what I need to do to get past this?
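For comparison with the Portecle setting in the accepted answer, the same import can be done with the JRE's own keytool, where `-trustcacerts` is the option that lets the CA reply chain up through the JRE's cacerts file. This is an added example, not part of the thread or of the Atlassian instructions; the keystore path, aliases and certificate file names are placeholders, and the chain check assumes keytool's English output.

```powershell
# Added example. Placeholder values below are assumptions, not taken from the thread.
$keytool   = Join-Path $env:JAVA_HOME 'bin\keytool.exe'   # the JRE bundled with Jira
$keystore  = 'C:\path\to\jira.jks'                        # keystore holding the key pair
$alias     = 'jira'                                       # alias of the key pair the CSR came from
$storepass = Read-Host 'Keystore password'

# 1. Import the CA's intermediate certificate as a trusted entry.
#    keytool prints the fingerprint and asks for confirmation; compare it
#    with the value the CA publishes before answering yes.
& $keytool -importcert -alias intermediate -file intermediate.crt `
    -keystore $keystore -storepass $storepass
if ($LASTEXITCODE -ne 0) { throw 'Intermediate import failed' }

# 2. Import the CA reply onto the existing key pair (same alias as the CSR).
#    -trustcacerts tells keytool to also consult the JRE's cacerts when
#    building the chain from the reply up to a trusted root.
& $keytool -importcert -trustcacerts -alias $alias -file jira.crt `
    -keystore $keystore -storepass $storepass
if ($LASTEXITCODE -ne 0) { throw 'CA reply import failed: chain could not be established' }

# 3. Confirm the key entry now carries the full chain, not just the leaf.
$listing = & $keytool -list -v -alias $alias -keystore $keystore -storepass $storepass
$match   = $listing | Select-String -Pattern 'Certificate chain length: (\d+)'
if (-not $match) { throw "Alias '$alias' is not a key entry with a certificate chain" }

$length = [int]$match.Matches[0].Groups[1].Value
if ($length -lt 2) {
    Write-Warning "Chain length is $length: the intermediate is missing, so clients may reject the certificate."
} else {
    Write-Output "Chain length is $length (leaf plus issuing CA certificates)."
}
```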
