After setting up successfully HTTPS for a few Atlassian services, one of them being Bamboo, I tried to secure the connection between the Bamboo server and a remote agent.
I followed this guide (official Atlassian doc). Basically, it just instructs you do change two values in the Bamboo configuration (to ssl://).
Now, the remote agent cannot register with the server. Here is the error I get in catalina.out on the Bamboo server:
2019-10-22 14:14:22,599 ERROR [ActiveMQ BrokerService[bamboo] Task-7] [TransportConnector] Could not accept connection from tcp://IP:PORT : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Note that this works perfectly if I revert to non ssl broker connection (but still HTTPS for Bamboo web server).
First, I thought that the problem was because I was using a custom keystoreFile="" in the Connector of Bamboo.
This looks similar in the doc:
If you're using custom SSL setup (e.g. you're running Bamboo with -Djavax.net.ssl.keyStore=SOMEPATH), you need to follow the guidelines in Manually securing your remote agents.
Sadly, the page is from 2017 and the "Manually securing your remote agents" was probably removed, because there is no link to it anymore.
So, I simply redid the install of HTTPS certificates without using a custom keystoreFile="" in the Connector. The keystore is now the default $HOME/.keystore and the connector doesn't specify any path.
The connection still doesn't work. Bamboo is supposed to distribute the certificates, so I don't understand what is wrong:
After they're done, Bamboo will automatically set up the key/trust stores and distribute certificates to the agents the moment the first time the agent connects to the server.
I think that this page could be improved a bit, giving more details.
Look at workaround at issue https://jira.atlassian.com/browse/BAM-20521
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.