How to get JIRA External Gadgets over SSL working in Confluence

Adam Barylak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 10, 2013

I have enabled SSL via a reverse proxy for JIRA, and am trying to get Confluence to recognize the Gadgets from JIRA. I have set up the application link using https, and added the JIRA cert to confluence's jre. I am getting an error stating: "Cannot connect to host at https://jiradev.company.com/rest/gadgets/1.0/g/feed." when i try to add the Gadget Feed.

Does anyone know what may be the cause of this?

The true reason i'm trying to do this is because users are having issues adding gadgets to confluence currently via standard http, because confluence is SSL, and some browsers do not display unsecured content so the user doesn't even get the configuration screen for the gadget. So, if there is an easier way to do that, it would solve everything, but i think the only way to accomplish this is have the gadgets use SSL as well.

Please help. Thanks.

3 answers

1 accepted

1 vote
Answer accepted
Adam Barylak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 27, 2013

This turned out to be an issue with the way the gadgets trusts certificates. Even though the cert is trusted by the cacerts store, it did not allow it since the URL was not in the cert. So, i had to generate a new correct certificate for the JIRA server and use that. I also made sure i set up the application link very basically without any IP patterns or URL patterns. Adding those patterns ended up causing more issues in the logs and problems in the UI as well. So, you have to ensure the server URL is in either the Common Name or in the DNS names in a SAN cert. Then this does work correctly. Even though Application link allows the connection doesn't mean that the external gadgets portion will allow the same SSL cert.

Andrew Bilukha May 10, 2018

Adam, could you please elaborate on that with concrete examples?

Adam Barylak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 10, 2018

Wow, talk about an old question and answer.  This was 5 years ago and you want concrete examples?

Due to other issues that have come up with other applications i administer, i have come to find out that the "standard" that all browsers should be following is that the URL being contacted should be in the DNS section of the Certificate, and if it is only in the Common Name section, browsers should regard it as an invalid cert.  Therefore, it sounds like what i came across 5 years ago was the start of this.

Also, I kept my initial answer as generic as possible on purpose.  This is because it all depends on where you are getting your certificate from (GoDaddy, internal Cert Auth, etc.).  Therefore, you just have to remember to use whatever URLs are possible for the Jira site in your cert being used for Jira and put those into the DNS attribute for the cert.  There is not much more "concrete" information I can provide as it all depends on your source of the certificate.

Please refer to your specific Certificate Authority processes or documentation for further information on correctly configuring a certificate.

Andrew Bilukha May 11, 2018

Right. Thanks.

0 votes
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 10, 2013
This seems to be a connectivity issue rather than anything to do with HTTPS. Can you check if there are any firewall rules or anything if that blocks the JIRA URL from Confluence box?
Adam Barylak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 12, 2013

It doesn't seem to be a connectivity issue since the Application Link connects with the other application just fine. How would it be a firewall rule if the URL in the gadget feed is https and we have the application link configured with https? I also don't even think that we have a firewall between these 2 systems at all.

Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 13, 2013

So, you have application link configured with the same url but it fails only in gadgets? Can you make sure remote API is turned ON in JIRA under Administration > General Configuration?

Adam Barylak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 13, 2013

External Gadgets were working when i did not have SSL configured for JIRA, but now i do, so i'm pretty sure everything is set up so that it should be able to get those gadgets, but it is failing for me. I checked anyway, and yes, remote API is turned on. Any ideas?

Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 13, 2013

Ceritifcate errors are usually different and I am confused with the Connect error. Ofcourse, the SSL port could be blocked but I imagine that is not the case since it is working for application links. Sorry, no other ideas from me!

0 votes
Adam Barylak
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 10, 2013

Additional information: this is JIRA 5.2.6 and Confluence 4.3.5

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events