I have enabled HTTPS on my Stash instance. Now I would like to use the Backup Client but I need some information to fill the `backup-config.properties` file.
Are you using a self-signed certificate on Stash?
If so, can you follow the KB below, please:
Yes I'm using a self-signed certificate on Stash.
Regarding the contents of the KB my server does not have a domain name so I always access it using its IP.
I've created a new certificate for "localhost" with the IP as an alternative name and I get the second error mentioned in the KB: PKIX path building failed etc.
Following the instructions in the second KB I got it to work. Thanks for the documentation Thiago!
I was able to get this to work by adding the self signed cert to the java keystore on the server.
This is the correct link for testing with SSLPoke to confirm it's a cert issue: https://confluence.atlassian.com/display/KB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed
Then it has a link to the resolution on the page that it goes to here: (command line section)
cliff notes version for Linux:
1) openssl s_client -connect yourserver.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt
2) <JAVA_HOME>/bin/keytool -import -alias <server_name> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file public.crt
- I used my full server name as the <alias> field
- default java keystore password is "changeit" if prompted
You'll also need to ensure that you put the cert it has you save into the correct cacerts directory. I had multiple so make sure that you verify which one your server is setup to use.
"Stash is run by the user `atlstash` which was created by the installer. What is this user's password? I need to write it to the `stash.password` property"
Answer: as described on Using the Stash Backup Client, the values you need to insert into
stash.password are related to the user with administrative privileges on your Stash instance (i.e. admin user/password that you use to login to the Stash UI).
In regards to your second question:
The exception below:
A backup could not be created. Reason: Unable to connect to localhost:7990; nested exception is
java.net.ConnectException: Connection refused
Means you didn't have your instance up and running at the time. Stash needs to be up and running so the backup client can back it up.
I hope that helps.
Regarding my first question I corrected my mistake.
Regarding the second question I think it's something else. I think my instance is definitely up and running, since I can log in to it and view the repositories. However I'm not accessing it from
http://<the server IP>:7990 but from
https://<the server IP>:8443 since I have enabled HTTPS and disabled regular HTTP.
I do get the exact same error message if I stop the Stash service.
If I set the
stash.baseUrl property to
https://localhost:8443 I get a different error message :
ERROR A backup could not be created. Reason: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
It seems logical to me that "no name matching
localhost" is found since the subject name of the SSL certificate is the server IP.
I tried something different: I re-enabled the HTTP connector in
stash/3.5.1/conf/server.xml and restarted Stash. Accessing Stash using HTTP on port 7990 works again. Now the Backup Client works.
But I don't want to leave HTTP enabled so I would like to have the Backup Client working with HTTPS if possible.
I'm having the same problem that Pierre is having with the backup-client failing with https. I get the same error:
[root@dev001 backup]# ./backup-stash.sh
2015-01-22 11:12:42,803 INFO Initializing
2015-01-22 11:12:44,863 ERROR A backup could not be created. Reason: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.apache.wink.client.ClientRuntimeException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:241) ~[wink-client-1.4.jar:1.4]
at org.apache.wink.client.internal.ResourceImpl.invoke(ResourceImpl.java:189) ~[wink-client-1.4.jar:1.4]
... 17 more frames available in the log file
however, we cannot turn on http access again. HOW can we backup stash through SSL?
https://confluence.atlassian.com/display/STASHKB/Can%27t+backup+due+to+PKIX+path+building+failed+-+unable+to+find+valid+certification+path+to+requested+target didn't help. I was able to pull the public.crt file and create a new stash.jks file but can't get the backup client to use it. I still get this error. I'm going to log this as a formal issue instead of as a comment.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs