After successfully setting up HTTPS for a few Atlassian services, one of them being Bamboo, I tried to secure the connection between the Bamboo server and a remote agent.
I followed this guide (official Atlassian doc). Basically, it just instructs you to change two values in the Bamboo configuration (to ssl://).
Now, the remote agent cannot register with the server. Here is the error I get in catalina.out on the Bamboo server:
2019-10-22 14:14:22,599 ERROR [ActiveMQ BrokerService[bamboo] Task-7] [TransportConnector] Could not accept connection from tcp://IP:PORT : javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Note that this works perfectly if I revert to a non-SSL broker connection (but still HTTPS for the Bamboo web server).
First, I thought that the problem was because I was using a custom keystoreFile="" in the Connector of Bamboo.
This looks similar in the doc:
If you're using custom SSL setup (e.g. you're running Bamboo with -Djavax.net.ssl.keyStore=SOMEPATH), you need to follow the guidelines in Manually securing your remote agents.
Sadly, the page is from 2017 and the "Manually securing your remote agents" page was probably removed, because there is no link to it anymore.
So, I simply redid the install of HTTPS certificates without using a custom keystoreFile="" in the Connector. The keystore is now the default $HOME/.keystore and the connector doesn't specify any path.
The connection still doesn't work. Bamboo is supposed to distribute the certificates, so I don't understand what is wrong:
After they're done, Bamboo will automatically set up the key/trust stores and distribute certificates to the agents the moment the first time the agent connects to the server.
I think that this page could be improved a bit, giving more details.