New Smart mirror request erroring out

Rahul Sahotay September 28, 2017

Hello Team:

I have installed a mirror server, but while approving it from the master I'm seeing the error below:

Failed to approve USA Sandbox.
Failed to install mirror USA Sandbox from /rest/mirroring/latest/upstreamServers/b4d732ca-cfb2-3814-a395-bf8489cb2988/addon/descriptor (Reason 'javax.net.ssl.SSLHandshakeException: General SSLEngine problem')

I'm running both instances on HTTPS, but the SSL certificate vendor is different.

BB_MIRROR.png

Target Host:

TARGET.png

Please let me know if I'm doing something wrong.

2 answers

0 votes
niels_andersen January 30, 2020

Also, Java needs the client certificate for the opposite, so your master must have the client certs for the mirror and vice versa.

You typically need to open 443 (for 7990) and (for 7999) to get the mirror to work. If I remember correctly, the mirror process syncs metadata on HTTP and repository data on SSH.

0 votes
Philip Armour November 30, 2017

Hi Rahul,

I had a similar problem - Atlassian support directed me to this page:

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

For me, the problem was solved by adding the certificates for the SSL to the java keystore for both the mirror and the DC nodes. For example:

Go to the location of the Java which Bitbucket is using - this may be <Bitbucket INSTALL>/jre or something like /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64/jre on Linux

Then run:

bin/keytool -import -alias foobar.com -keystore lib/security/cacerts -file /etc/httpd/ssl/foobar_com.crt

Substitute foobar.com with your domain name and make sure the path to the certificate is valid.

You can use the 'SSL Poke' tool in the link above to test that the connections are working before restarting Bitbucket.

Eyzen M. Kim June 19, 2019

Hi Philip

I'm having the same error, but my Primary is in a different network than my mirror and the mirror is behind a firewall.

Does the mirror URL need to be accessible by the Primary server?

Philip Armour June 19, 2019

Hi Eyzen,

Absolutely yes! And vice versa.
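
The keystore fix and the two-way reachability discussed in this answer can be checked from each host with a short handshake test. This is an added example, not part of the original thread and not Atlassian's SSL Poke tool; the class name TrustCheck is hypothetical, and it assumes the JVM's default trust store (lib/security/cacerts unless overridden).

```java
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name): handshake against host:port using
// the default trust store of whichever JVM runs it.
public class TrustCheck {
    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: java TrustCheck <host> <port>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            // Check the hostname against the certificate, as an HTTPS client does.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);
            socket.startHandshake();
            System.out.println("TRUSTED: " + host + ":" + port);
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  subject=" + x.getSubjectX500Principal()
                            + " issuer=" + x.getIssuerX500Principal()
                            + " notAfter=" + x.getNotAfter());
                }
            }
        } catch (SSLException e) {
            // Trust problem: chain not in cacerts, hostname mismatch, expired cert.
            System.err.println("TLS FAILED: " + e);
            for (Throwable t = e.getCause(); t != null; t = t.getCause()) {
                System.err.println("  caused by: " + t);
            }
            System.exit(1);
        } catch (IOException e) {
            // Network problem (firewall, DNS, closed port), not a certificate issue.
            System.err.println("CONNECT FAILED: " + e);
            System.exit(3);
        }
    }
}
```

Compile it with any JDK and run the class with the bin/java of the JRE Bitbucket uses, once from the primary against the mirror and once from the mirror against the primary. Exit code 1 points at the trust store, exit code 3 at the network path.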
