Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

New Smart mirror request erroring out Edited

Hello Team:

 

I have installed a mirror server but while approving it from master I'm seeing below error,

Failed to approve USA Sandbox.
Failed to install mirror USA Sandbox from /rest/mirroring/latest/upstreamServers/b4d732ca-cfb2-3814-a395-bf8489cb2988/addon/descriptor (Reason 'javax.net.ssl.SSLHandshakeException: General SSLEngine problem')

 

I'm running both instance on https but SSL certificate vendor is different

 

BB_MIRROR.png

 

Target Host:-

 TARGET.png

 

 

Please let me know if I'm doing something wrong

2 answers

Hi Rahul,

I had a similar problem - Atlassian support directed me to this page:

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

For me, the problem was solved by adding the certificates for the SSL to the java keystore for both the mirror and the DC nodes. For example:

Go to location of the Java which bitbucket is using - this may be <Bitbucket INSTALL>/jre or something like /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre on Linux

then run:

bin/keytool -import -alias foobar.com -keystore lib/security/cacerts -file /etc/httpd/ssl/foobar_com.crt

Substituting foobar.com for your domain name and making sure the path to the certificate is valid.

You can use the 'SSL Poke' tool in the link above to test the connections are working before restarting Bitbucket.

Hi Philip

I'm having the same error but my Primary is in a different network than my mirror and the mirror is behind a firewall. 

Does the mirror URL needs to be accessible by the Primary server?

Hi Eyzen,

Absolutely yes! and vice-versa

Also java needs the client certificate for the oposite, so you master must have the client certs for the mirror and visa versa.

you typically need to open 443 (for 7990) and (for 7999) to get the mirror to work. If i remember correctly the mirror process syncs mete data on http and repository data on ssh.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Calling any interview participants for Bitbucket Data Center

Hi everyone,  We are looking to learn more about development teams’ workflows and pain points, especially around DevOps, integrations, administration, scale, security, and the related challeng...

441 views 4 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you