Confluence and AD connection via SSL

Hello,

I can't set up a connection between Confluence 4.3 and my Active Directory server.

I managed to set it up without SSL, but with SSL it doesn't work. I have a keystore with the following certificates:

1. Certificate of my Active Directory server.

2. Certificate of my CA, which signed certificate #1.

Here is a simple manual, but it doesn't work for me.

https://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory

I get the following exception:

Root exception is javax.naming.CommunicationException: office.company.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching office.company.com found.]]

My server certificate CN is: server.office.company.com and I use this name in the Confluence configuration.

What might be the problem?

Regards,

Alexey

1 answer

1 accepted

Hi Alexey,

I believe the problem here is that the embedded Crowd in your Confluence verifies the hostname on SSL certificates whilst communicating with LDAP servers over SSL, as documented in this ticket: https://jira.atlassian.com/browse/CWD-2690

What this means is that the hostname must match that on the SSL certificate or Confluence will not connect to the directory. This is by design, so you will need to work around this in one of the following ways:

  1. Fix the certificate to contain the correct name. This is the preferred (and most secure) fix.
  2. Using an 'ldaps' connection URL and leaving 'Secure SSL' (on Crowd) or 'Use SSL' (in Embedded Crowd) unchecked in the Crowd Console will use an SSL connection but will not verify that the hostname and certificate match.
  3. Edit /etc/hosts to allow you to use the incorrect name in the certificate. Add the FQDN on the certificate and match it to the IP address of the server.

Hopefully one of the above options will resolve your issue for you.

All the best,
John
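
The hostname check the answer describes, as an added example that is not part of the original thread or Atlassian's code: it matches a configured LDAPS hostname against a certificate's SAN dNSName entries, falling back to the CN only when no dNSName is present (RFC 2818 order). The `SAMPLE` certificate values and all function names are constructed for illustration.

```python
import socket
import ssl

def fetch_cert(host, port=636, cafile=None):
    """Fetch the LDAPS server certificate as a getpeercert() dict.
    Chain validation stays on; only hostname checking is disabled so the
    names can be inspected even when they do not match."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_dns_names(cert):
    """Return (names, source): SAN dNSName entries if any, else subject CNs."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans, "subjectAltName"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns, "commonName"

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check(cert, configured_host):
    """Return (matched, source, names) for the hostname set in the directory config."""
    names, source = cert_dns_names(cert)
    ok = any(name_matches(n, configured_host) for n in names)
    return ok, source, names

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE = {
    "subject": ((("commonName", "server.office.company.com"),),),
    "subjectAltName": (("DNS", "server.office.company.com"),),
}

if __name__ == "__main__":
    for host in ("server.office.company.com", "office.company.com"):
        ok, source, names = check(SAMPLE, host)
        print(f"{host}: {'match' if ok else 'NO MATCH'} against {source} {names}")
```

Against a live directory, pass the result of `fetch_cert(host, cafile=...)` to `check()` with the exact hostname entered in the directory configuration.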

Thanks a lot for your help.

We opened a bug report: https://jira.atlassian.com/browse/CONF-26826

Also, I added a comment to the workaround ticket: https://jira.atlassian.com/browse/CONF-26049
