How to get JIRA External Gadgets over SSL working in Confluence

I have enabled SSL via a reverse proxy for JIRA, and am trying to get Confluence to recognize the Gadgets from JIRA. I have set up the application link using https, and added the JIRA cert to confluence's jre. I am getting an error stating: "Cannot connect to host at" when i try to add the Gadget Feed.

Does anyone know what may be the cause of this?

The true reason i'm trying to do this is because users are having issues adding gadgets to confluence currently via standard http, because confluence is SSL, and some browsers do not display unsecured content so the user doesn't even get the configuration screen for the gadget. So, if there is an easier way to do that, it would solve everything, but i think the only way to accomplish this is have the gadgets use SSL as well.

Please help. Thanks.

3 answers

1 accepted

1 vote
Accepted answer

This turned out to be an issue with the way the gadgets trusts certificates. Even though the cert is trusted by the cacerts store, it did not allow it since the URL was not in the cert. So, i had to generate a new correct certificate for the JIRA server and use that. I also made sure i set up the application link very basically without any IP patterns or URL patterns. Adding those patterns ended up causing more issues in the logs and problems in the UI as well. So, you have to ensure the server URL is in either the Common Name or in the DNS names in a SAN cert. Then this does work correctly. Even though Application link allows the connection doesn't mean that the external gadgets portion will allow the same SSL cert.

Adam, could you please elaborate on that with concrete examples?

Wow, talk about an old question and answer.  This was 5 years ago and you want concrete examples?

Due to other issues that have come up with other applications i administer, i have come to find out that the "standard" that all browsers should be following is that the URL being contacted should be in the DNS section of the Certificate, and if it is only in the Common Name section, browsers should regard it as an invalid cert.  Therefore, it sounds like what i came across 5 years ago was the start of this.

Also, I kept my initial answer as generic as possible on purpose.  This is because it all depends on where you are getting your certificate from (GoDaddy, internal Cert Auth, etc.).  Therefore, you just have to remember to use whatever URLs are possible for the Jira site in your cert being used for Jira and put those into the DNS attribute for the cert.  There is not much more "concrete" information I can provide as it all depends on your source of the certificate.

Please refer to your specific Certificate Authority processes or documentation for further information on correctly configuring a certificate.

Additional information: this is JIRA 5.2.6 and Confluence 4.3.5

0 votes
This seems to be a connectivity issue rather than anything to do with HTTPS. Can you check if there are any firewall rules or anything if that blocks the JIRA URL from Confluence box?

It doesn't seem to be a connectivity issue since the Application Link connects with the other application just fine. How would it be a firewall rule if the URL in the gadget feed is https and we have the application link configured with https? I also don't even think that we have a firewall between these 2 systems at all.

So, you have application link configured with the same url but it fails only in gadgets? Can you make sure remote API is turned ON in JIRA under Administration > General Configuration?

External Gadgets were working when i did not have SSL configured for JIRA, but now i do, so i'm pretty sure everything is set up so that it should be able to get those gadgets, but it is failing for me. I checked anyway, and yes, remote API is turned on. Any ideas?

Ceritifcate errors are usually different and I am confused with the Connect error. Ofcourse, the SSL port could be blocked but I imagine that is not the case since it is working for application links. Sorry, no other ideas from me!

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Dec 18, 2018 in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

462 views 3 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you