SSL handshake error on LDAP and mail

I have created a java truststore for one self-signed cert and one official cert.

I used your SSL poke class to test the cert and it works fine when i point out the

trusstore -Djavax.net.ssl.trustStore=/srv/git-bitbucket/atlassian-bitbucket-4.14.x/data/shared/certifikat/git_ldap_and_ad.truststore -Djavax.net.ssl.trustStorePassword=xxxxxx

I have added these values to /opt/git-bitbucket/atlassian-bitbucket-4.14.7/bin/setenv.sh so that they can be seen with a ps -ef

In the GUI it still does not work

The log file atlassian-bitbucket-mail.log shows

2017-08-16 09:31:04,346 ERROR [http-nio-7990-exec-3] mut @I77VQLx571x178x0 89r7at 172.20.140.103,0:0:0:0:0:0:0:1 "POST /admin/mail-server HTTP/1.1" bitbucket.mail-log Sending mail failed. Please verify the mail server configuration and check the logs for details; recipient: otto.jagebo@bolagsverket.se; subject: Bolagsverket Bitbucket - Test email for your SMTP configuration
org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I can not upgrade to the latest as we use the latest git rpm package for SLES12 sp2 linux and therefor version 4.14.7 seems to be the latest tested for git-core-1.8.5.6-18.1.x86_64

Should i configur the truststore in a property or xml file as well or?

 

 

2 answers

In setenv.sh you have the following: JAVA_TRUSTSTORE and JAVA_TRUSTSTORE_PASSWORD. Have you tried using that instead?

# The full path to the Java truststore which must contain the client certificates accepted by Bitbucket for SSL authentication
# of JMX
#
#JAVA_TRUSTSTORE=

#
# The password for JAVA_TRUSTSTORE
#
#JAVA_TRUSTSTORE_PASSWORD=

We have Centos 7 which does not ship with required git versions for Bitbucket 5.X. 

Here is a summary of what we did: (Centos)

yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel
yum install gcc perl-ExtUtils-MakeMaker
wget https://www.kernel.org/pub/software/scm/git/git-2.9.3.tar.gz
tar xzf git-2.9.3.tar.gz
cd git-2.9.3/
make prefix=/usr/local/git all
make prefix=/usr/local/git install

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

678 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot