Application links over https

Rafal Niznik March 11, 2018

Hi All

I was just wondering if you can help me solve a configuration issue, because I'm running out of ideas.

The whole thing is that I'm not able to establish an application link between Confluence and Jira.

My current configuration:

Jira and Confluence are installed on a single Linux (Debian) server with two network adapters and configured to use https with a self-signed certificate.

Confluence is accessible from https://192.168.1.100:8443 and Jira from https://192.168.1.101:8444 or by fully qualified domain name. This configuration works OK and I'm able to access those applications without any problems over https and even when switching back to https. The problem starts when I try to add application links. I was able to add application links when Confluence and Jira were working on the standard ports 8080 and 8090, but not when I switch back to https.

The error I was able to see was this: "server name may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally."

Would you be able to assist, because I'm running out of ideas how to fix this, but I think this has something to do with the Java root CA.

 

Best Regards

Raf

 

4 answers

1 accepted

2 votes
Answer accepted
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 12, 2018

Hi Raf,

Can you check that the certificate from each application is in the other application's Java truststore? You can read more information about this here:

Regards,

Shannon

Rafal Niznik March 12, 2018

Hi Shannon

Confluence and Jira are currently using different self-signed certificates, but those two certificates are placed into one store, in this example /etc/ssl/cert.jks

AnnWorley
Atlassian Team
March 12, 2018

Frequently there is a keystore that the application uses to serve its certificates and another keystore called a "truststore" that contains all the certificate authority certs and any self-signed certs you have added. By default, the truststore is in the Java directory, for example: JAVA_HOME/lib/security/cacerts

Although we are not seeing "pkix path building failed" this article has the details for adding your self-signed cert to the Java truststores for the applications. Unable to Connect to SSL Services due to PKIX Path Building Failed

I am pretty sure this is a truststore issue based on "server name may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally." However, there are more troubleshooting options in this guide: SSL and application link troubleshooting guide

Rafal Niznik March 14, 2018

Ann, thanks for the advice :-)
After importing the self-signed certs into the default Java cacerts, the error is gone and I was able to link the applications.

AnnWorley
Atlassian Team
March 14, 2018

That's great news! Thanks for circling back and accepting the answer. :)

Rafal Niznik March 14, 2018

Actually, after linking the applications I was not able to establish outgoing and incoming OAuth because of a configuration error. But I have figured out that in server.xml I had this setting:

proxyName="confluence.loc" proxyPort="443"

After removing this everything works now :-)

1 vote
Carl Wiedebaum January 8, 2019

Hi,

I'm having similar issues, but I have dedicated servers for both Jira and Confluence. Does this mean that I need to have Jira's SSL certificate in Confluence's JAVA_HOME/lib/security/cacerts and vice versa for Confluence?

Is there some command or config change that I also need to do? Running on Windows Server.

 

Thanks

Carl Wiedebaum January 9, 2019

I used the KeyTool Explorer's "Examine SSL" feature to import the cert to the JAVA_HOME cacert file but still can't connect Jira to Confluence.

If I try to create the application link from Jira, I get an error that Confluence can't be reached. When I try to create the link from Confluence, it finds Jira and creates the link from Confluence to Jira; when I'm forwarded to Jira to complete the application link, the completion fails in Jira.

Carl Wiedebaum January 9, 2019

Got it! I needed to import the Cert to JRE_HOME/cacert.... 
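The truststore import discussed in the two answers above (the certificate must be in the `cacerts` of the Java home each application actually runs with, not only in the keystore that serves HTTPS), written out as an added example that is not part of the original thread or of Atlassian's documentation. The function names are hypothetical, `changeit` is the stock `cacerts` password, and the Java home you pass in is assumed to be the one the application uses; it is written for a Linux shell such as the original poster's Debian server.

```shell
#!/bin/sh
# Added example: function names are hypothetical; "changeit" is the stock
# cacerts password and is an assumption about your installation.

# Print the truststore (cacerts) path under a Java home. Handles the JRE
# layout (lib/security) and the JDK 8 layout (jre/lib/security).
find_cacerts() {
  local home="$1" rel
  for rel in lib/security/cacerts jre/lib/security/cacerts; do
    if [ -f "$home/$rel" ]; then
      printf '%s\n' "$home/$rel"
      return 0
    fi
  done
  echo "no cacerts under $home" >&2
  return 1
}

# Save the certificate the peer presents on host:port as a PEM file.
fetch_peer_cert() {
  local hostport="$1" out="$2"
  openssl s_client -connect "$hostport" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$out"
}

# Import the peer's certificate into the truststore of the given Java home,
# then list the alias to confirm it landed in that store.
trust_peer() {
  local java_dir="$1" hostport="$2" alias="$3" store pem rc
  store=$(find_cacerts "$java_dir") || return 1
  pem=$(mktemp) || return 1
  fetch_peer_cert "$hostport" "$pem" || { rm -f "$pem"; return 1; }
  # Without -noprompt, keytool prints the certificate's fingerprints and asks
  # for confirmation, so they can be compared with the peer's real cert.
  "$java_dir/bin/keytool" -importcert -alias "$alias" -file "$pem" \
      -keystore "$store" -storepass changeit &&
    "$java_dir/bin/keytool" -list -alias "$alias" \
      -keystore "$store" -storepass changeit
  rc=$?
  rm -f "$pem"
  return $rc
}

# Usage: ./trust-peer.sh <java home of THIS app> <peer host:port> <alias>
if [ "$#" -eq 3 ]; then
  trust_peer "$@"
fi
```

Run it once on each application with the other application's host and port, then restart the application so the JVM loads the updated truststore.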

0 votes
Ernesto Di Luccia March 22, 2018

Can anyone tell me in which folder the cert files need to be in order to use HTTPS?

Vickey Palzor Lepcha
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 22, 2018

Hello Ernesto - you can keep it in any location you like - but your SSL config file should have a line that points to the certificate location.

Vickey Palzor Lepcha
Rising Star
March 22, 2018

My SSL file has a configuration like this - it just points to the location where I have it.

SSLCertificateFile      /apache/certificates/certificate_file.pem

Ernesto Di Luccia March 22, 2018

I'll check that out. Thank you very much.

0 votes
Vickey Palzor Lepcha
Rising Star
March 12, 2018

It was like 4-5 years back - when I introduced Apache HTTP in front of Jira and Confluence - it broke my app link.

I just settled with creating an unproxied link between the two.

Just a thought - is the cert issuing authority the same for both the certs, and have they been applied in both truststores?
