Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

New Smart mirror request erroring out Edited

Rahul Sahotay
Rahul Sahotay Sep 28, 2017

Hello Team:

 

I have installed a mirror server but while approving it from master I'm seeing below error,

Failed to approve USA Sandbox.
Failed to install mirror USA Sandbox from /rest/mirroring/latest/upstreamServers/b4d732ca-cfb2-3814-a395-bf8489cb2988/addon/descriptor (Reason 'javax.net.ssl.SSLHandshakeException: General SSLEngine problem')

 

I'm running both instance on https but SSL certificate vendor is different

 

BB_MIRROR.png

 

Target Host:-

 TARGET.png

 

 

Please let me know if I'm doing something wrong

Answer
Watch
Like Gyana Ranjan (TCS) likes this
706 views

2 answers

0 votes
Philip Armour
Philip Armour Nov 30, 2017

Hi Rahul,

I had a similar problem - Atlassian support directed me to this page:

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

For me, the problem was solved by adding the certificates for the SSL to the java keystore for both the mirror and the DC nodes. For example:

Go to location of the Java which bitbucket is using - this may be <Bitbucket INSTALL>/jre or something like /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre on Linux

then run:

bin/keytool -import -alias foobar.com -keystore lib/security/cacerts -file /etc/httpd/ssl/foobar_com.crt

Substituting foobar.com for your domain name and making sure the path to the certificate is valid.

You can use the 'SSL Poke' tool in the link above to test the connections are working before restarting Bitbucket.

View More Comments
Eyzen M_ Kim
Eyzen M_ Kim Jun 19, 2019

Hi Philip

I'm having the same error but my Primary is in a different network than my mirror and the mirror is behind a firewall. 

Does the mirror URL needs to be accessible by the Primary server?

Like
Philip Armour
Philip Armour Jun 19, 2019

Hi Eyzen,

Absolutely yes! and vice-versa

Like
Reply
0 votes
niels_andersen
niels_andersen Jan 30, 2020

Also java needs the client certificate for the oposite, so you master must have the client certs for the mirror and visa versa.

you typically need to open 443 (for 7990) and (for 7999) to get the mirror to work. If i remember correctly the mirror process syncs mete data on http and repository data on ssh.

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
Community showcase
Imran Khan
Imran Khan
Published in Bitbucket

Calling any interview participants for Bitbucket Data Center

Hi everyone,  We are looking to learn more about development teams’ workflows and pain points, especially around DevOps, integrations, administration, scale, security, and the related challeng...

441 views 4 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you