Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket SSLHandshakeException on connection to Jenkins server

Andy Cravens
Andy Cravens October 19, 2017

Using Bitbucket 5.4.0.  I'm trying to configure a webhook to a Jenkins server that is running SSL on port 443.  The webhook fails with this error: 

 

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

After turning on debug level logging I can clearly see it's because the certificate is not trusted.  I have already imported the Jenkins server's cert into the Bitbucket keystore and trusted it.  I have also installed and trusted the intermediate and root CA certificates.  I even went so far as to test the java keystore to verify all the certs were properly installed (in the proper order) in the Bitbucket keystore.  I tested using the SSLPoke utility.  Everything passes.  This should work.

 

The bitbucket.properties file references the location of the java keystore.  The password to the keystore is correct.  I'm at a loss as to why Bitbucket does not trust the cert.  Bitbucket is either not using the keystore as configured or there really is a problem with the keystore.  Is there some other utility I can use to verify the keystore?  Is there a way to verify Bitbucket is using the configured keystore?

Answer
Watch
Like # people like this
3810 views

2 answers

1 accepted

0 votes
Answer accepted
Stephen Garber
Stephen Garber
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 17, 2020

Here's how to solve this problem.

 

You'll need to import the public key from in the bitbucket java cacerts file.

First export the certificate:

openssl s_client -connect google.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

Next, you can import the new cert into the trust store:

<JAVA_HOME>/bin/keytool -import -alias <server_name> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt 

 

Full info and windows instructions are here:

https://confluence.atlassian.com/bitbucketserver071/if-you-use-self-signed-certificates-998653703.html 

Reply
0 votes
Shashank Maruvada
Shashank Maruvada
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 20, 2017

Hi Andy,

 

Thanks for reaching out! Though I don't have your debug logs to be sure, this may be an issue with the password setting.

If you're sure the keystore path is correct, please ensure both the key-password and the key-store-password are set. These are required to be the same value in order to access the key.

In addition, be sure the key-alias and key-store-type are correct as well.

 

Thanks,

Shashank

View More Comments
SoftSolutions4U
SoftSolutions4U February 15, 2018

Hi friends,

   I'm also facing same problem like "javax.net.ssl.SSLHandshakeException: General SSLEngine problem" in webhook bitbucket.

Webhooks Bitbucket.png

I don't know how to import certificate ? and how to do ssl related config. 

Any one suggest how to do for certificate configuration for step by step process

Please suggest me.

Thanks

SS4U

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events