Hi We've been asked to connect bitbucket to jira where jira is using apache 2.2 reverse proxy. When testing with SSLPoke things are fine. The certs from jira have been added using keytool in the default cacerts file ~/jre/lib/security/cacerts
When testing the directory via the GUI The error is: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
My question is, where should the certs file live? in the bitbucket.properties file?
BTW we're using bitbucket 5.3.1 & apache is listening on 443
Hi Mike! Welcome to the Community :)
where should the certs file live?
Short answer:
The keystore (also known as the truststore) is typically located at $JAVA_HOME/lib/security/cacerts). This contains a list of all known Certificate Authority (CA) certificates. The instructions can be found at Connecting to SSL services.
Long answer:
The error you're getting has been documented in our knowledge base, you can find it at
Unable to connect to SSL services due to pkix path building failed. My recommendation would be to read that article to understand why it happened and follow the steps there to fix the issue.
Let us know if this helped you!
Best regards,
Ana
Thanks, yes I've read that article and my cacerts are in the correct spot, I've used SSLPoke to verify successfully. I think the issue is to do with the apache proxy. I can successfully use the Directory if I specify port 8080 on the host.
Cheers Ana!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I can see via Vhost config that we are proxy'ing connections.
and that apache is listening on 443.
If I test the directory on port 443, I see this:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That error suggests Apache is not proxying Jira properly, or that there are some security settings blocking access (at least to the "pages" that the internal Crowd serves up)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.