Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

connecting bitbucket to jira/crowd behind apache reverse proxy

Mike Andrewjeski
Mike Andrewjeski December 19, 2017

Hi We've been asked to connect bitbucket to jira where jira is using apache 2.2 reverse proxy.  When testing with SSLPoke things are fine.  The certs from jira have been added using keytool in the default cacerts file ~/jre/lib/security/cacerts

When testing the directory via the GUI The error is: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

My question is, where should the certs file live?  in the bitbucket.properties file?

BTW we're using bitbucket 5.3.1 & apache is listening on 443

 

Answer
Watch
Like Be the first to like this
435 views

1 answer

0 votes
Ana Retamal
Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 20, 2017

Hi Mike! Welcome to the Community :)

where should the certs file live?

Short answer:

The keystore (also known as the truststore) is typically located at $JAVA_HOME/lib/security/cacerts). This contains a list of all known Certificate Authority (CA) certificates. The instructions can be found at Connecting to SSL services.

Long answer:

The error you're getting has been documented in our knowledge base, you can find it at 

Unable to connect to SSL services due to pkix path building failed. My recommendation would be to read that article to understand why it happened and follow the steps there to fix the issue. 

Let us know if this helped you!

Best regards,

Ana

View More Comments
Mike Andrewjeski
Mike Andrewjeski December 20, 2017

Thanks, yes I've read that article and my cacerts are in the correct spot,  I've used SSLPoke to verify successfully.  I think the issue is to do with the apache proxy.  I can successfully use the Directory if I specify port 8080 on the host.  

Cheers Ana!

Like
Mike Andrewjeski
Mike Andrewjeski December 22, 2017

in answer to your last question,  no this didn't help.

Like
Mike Andrewjeski
Mike Andrewjeski December 29, 2017

I can see via Vhost config that we are proxy'ing connections.

and that apache is listening on 443. 

If I test the directory on port 443,  I see this:

 

screenshot-git.scint.businesswire.com-2017-12-29-09-52-45.png

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 31, 2017

That error suggests Apache is not proxying Jira properly, or that there are some security settings blocking access (at least to the "pages" that the internal Crowd serves up)

Like
Mike Andrewjeski
Mike Andrewjeski January 2, 2018

Cheers Nic.  Looking into ti today. 

Thank you

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events