Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Stash backup client problem with self-signed certificate

kayy11
kayy11 October 9, 2014

In my Stash installation I configured tomcat's server.xml and web.xml according to this link so that HTTP is blocked and automatically redirected to HTTPS. Using a self-signed certifcate the stash backup client runs into trouble, output is:

2014-10-10 13:13:36,673 ERROR        A backup could not be created. Reason: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <our real and existing servername> found
org.apache.wink.client.ClientRuntimeException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching <our real and existing servername> found

What I tried:

  • localhost and <our real and existing servername>, run as root or the stash user
  • added javax.net.ssl.keyStore=/home/atlstash/.keystore to backup-config.properties (location of the keystore containing the self-signed certificate)
  • Everything else works as expected after accepting the certificate when entering the site for the very first time

What can I do to get this working?

Is there a way to allow HTTP connections to tomcat from localhost only?

Thanks in advance

Answer
Watch
Like Be the first to like this
605 views

4 answers

0 votes
PB Xu1
PB Xu
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 4, 2015

You can also try it the other way around: Program a workaround, example: http://pastebin.com/g8KFQHms This class calls the backup client, but before excludes localhost from certificate checking. Compile it with something like: javac -cp .:stash-backup-client.jar SSLWorkAround.java And run it with: java -cp .:stash-backup-client.jar SSLWorkAround

Reply
0 votes
Mike Friedrich
Mike Friedrich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 12, 2014

So both logfile and the certicate show the same sever FQDN? I was assuming a mismatch between the certificate and the server configuration. If thats not the case i recommend opening a ticket with Atlassian Support. Maybe the backup tool cannot deal with the redirect from http to https when communicating with the server.

Reply
0 votes
kayy11
kayy11 October 9, 2014

Yes it's like myhost.myprovider.com. In backup-config.properties I specified https://myhost.myprovider.com.net:8443. myhost.myprovider.com is a technical domain name like you get it when ordering a root server

Reply
0 votes
Mike Friedrich
Mike Friedrich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 9, 2014

Is the server name shown in FQDN format?

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events