Confluence and AD connection via SSL

Hello,

I can't set up a connection between Confluence 4.3 and my Active Directory server.

I managed to set it up without SSL, but with SSL it doesn't work. I have a keystore with the following certificates:

1. Certificate of my active directory server.

2. Certificate of my CA, which signed certificate #1.

Here is a simple manual, but it doesn't work for me.

https://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory

I get the following exception :

Root exception is javax.naming.CommunicationException: office.company.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching office.company.com found.]]

My server certificate CN is server.office.company.com, and I use this name in the Confluence configuration.

What might be the problem?

Regards,

Alexey

1 answer

1 accepted

Hi Alexey,

I believe the problem here is that the embedded Crowd in your Confluence verifies the hostname on SSL certificates whilst communicating with LDAP servers over SSL, as documented in this ticket: https://jira.atlassian.com/browse/CWD-2690

What this means is that the hostname must match that on the SSL certificate or Confluence will not connect to the directory. This is by design, so you will need to work around this in one of the following ways:

  1. Fix the certificate to contain the correct name. This is the preferred (and most secure) fix.
  2. Using an 'ldaps' connection URL and leaving 'Secure SSL' (on Crowd) or 'Use SSL' (in Embedded Crowd) unchecked in the Crowd Console will use an SSL connection but will not verify that the hostname and certificate match.
  3. Edit /etc/hosts to allow you to use the incorrect name in the certificate. Add the FQDN on the certificate and match it to the IP address of the server.

Hopefully one of the above options will resolve your issue for you.

All the best,
John

Thanks a lot for your help.

We opened bug report https://jira.atlassian.com/browse/CONF-26826

Also, I added a comment to the workaround ticket: https://jira.atlassian.com/browse/CONF-26049
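
The hostname check described in the answer, as an added example (not code from this thread or from Atlassian). It applies the usual SAN-first rule: a certificate that carries any dNSName subject alternative names is matched against those only and its CN is ignored, which is the case the "No subject alternative DNS name matching" wording reports. The input is a dict shaped like the result of Python's `ssl.SSLSocket.getpeercert()`; the sample certificates and the name `dc01.office.company.com` are constructed.

```python
# Added example: SAN-first hostname matching over a getpeercert()-style dict.

def _label_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' may stand for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def presented_names(cert: dict):
    """Return (dns_sans, common_names) found in the certificate dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns


def check_hostname(cert: dict, configured_host: str):
    """Return (ok, explanation) for the host name typed into the directory config."""
    sans, cns = presented_names(cert)
    if sans:
        # dNSName entries exist, so the CN is never consulted.
        if any(_label_match(s, configured_host) for s in sans):
            return True, f"matches a SAN dNSName {sans}"
        return False, (f"no SAN dNSName matches {configured_host}; "
                       f"CN {cns} ignored because SANs {sans} are present")
    if any(_label_match(c, configured_host) for c in cns):
        return True, "matches CN (certificate has no dNSName SAN)"
    return False, f"no name matching {configured_host}; CN is {cns}"


# Constructed sample certificates (illustrative names, not from a real server).
CERT_SAN_MISMATCH = {
    "subject": ((("commonName", "server.office.company.com"),),),
    "subjectAltName": (("DNS", "dc01.office.company.com"),),
}
CERT_CN_ONLY = {"subject": ((("commonName", "server.office.company.com"),),)}

if __name__ == "__main__":
    for cert in (CERT_SAN_MISMATCH, CERT_CN_ONLY):
        for host in ("server.office.company.com", "office.company.com"):
            print(host, "->", check_hostname(cert, host))
```

Comparing the names the certificate presents with the exact host name in the directory configuration shows which of the three options in the answer applies before anything is changed.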
