Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Application links over https

Hi All

 I was just wondering if you can help me solve the configuration issue because I'm running out of ideas.

The whole thing is that I'm not able to establish application link between confluence and jira.

My current configuration:

Jira and Confluence is installed on single linux (debian) server with two network adapters and configured to use https with self-signed certificate.

Confluence is accessible from https://192.168.1.100:8443 and Jira from https://192.168.1.101:8444 or by fully qualifiaide doman name. This configuration works ok and I'm able to access those applications without any problems over https and even when switching back to https. Problem stars when I tried to add application links. I was able to add application links when confluence and jira were working on standard pors 8080 and 8090 but not able when I swith back to https.

The error I was able to see wans this "server name may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally."

Would you be able to assist because I'm running out of ideas how to fix this but I think this has something to do with java root CA

 

Best Regards

Raf

 

4 answers

1 accepted

2 votes
Answer accepted

Hi Raf,

Can you check that the certificate from each application is in the other application's Java truststore? You can read more information about this here:

Regards,

Shannon

Hi Shannon

Confluence and Jira are using currently different self signed certificates but those two certificates are placed in to one store so in this example /etc/ssl/cert.jks

AnnWorley Atlassian Team Mar 12, 2018

Frequently there is a keystore that the application uses to serve it's certificates and another keystore called a "truststore" that contains all the certificate authority certs and any self-signed certs you have added. By default, the truststore is in the Java directory, for example: JAVA_HOME/lib/security/cacerts

Although we are not seeing "pkix path building failed" this article has the details for adding your self-signed cert to the Java truststores for the applications. Unable to Connect to SSL Services due to PKIX Path Building Failed

I am pretty sure this is a truststore issue based on "server name may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally." However, there are more troubleshooting options in this guide: SSL and application link troubleshooting guide

Ann thanks for advice :-)
After importing self-signed certs in to default java cacerts  the error is gone and I was able to link applications

AnnWorley Atlassian Team Mar 14, 2018

That's great news! Thanks for circling back and accepting the answer. :)

Actually after linking the application I was not able to establish outgoing and incoming OAuth because configuration error.  But I have figured out that under server.xml I had this setting 

proxyName="confluence.loc" proxyPort="443"

After removing this everything works now :-)

Hi, 

 

I'm having similar issues, but I have dedicated servers for both Jira and Confluence. Does this mean that I need to have Jiras SSL certificate in Confluences JAVA_HOME/lib/security/cacerts and vice versa for Confluence? 

 

Is there some command or config change that I also need to do? Running on windows server. 

 

Thanks

I used the KeyTool Explorers "Examine SLL" feature to import the Cert to JAVA_HOME cacert file but still cant connect Jira to Confluence. 

 

If I try to create the application link from JIRA I get error that Confluence cant be reached. When I try to create the link from Confluence, it finds the JIRA and creates the link from Confluence to Jira, when I'm forwarded to Jira to complete the application link, in JIRA the completion fails. 

Got it! I needed to import the Cert to JRE_HOME/cacert.... 

It was like 4-5 years back - when I introduced apache http infront of jira and confluence - it broke my app link.

I just settled with creating and unproxied link between the two.

 

Just a thought - is the cert issuing authority same for both the certs and have they been applied in both truststores ?

can anyone tell me in which folder do the cert files need to be in order to use HTTPS?

Hello Ernesto - you can keep it in any location you like - but your ssl config file should have a line that points to the certificate location.

My ssl file has a configuration like this - it just points to the location where i have it.

 

SSLCertificateFile      /apache/certificates/certificate_file.pem

I'll check that out. thank you very much

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

408 views 23 8
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you