SSL for Confluence - No connection

Brian Donnelly November 13, 2020

Hello Community,

 

I have done some reading on the other posts about getting SSL working for Confluence and I am still having the same error - "Page cannot be displayed - remote device or resource won't accept the connection."

I have not adjusted the web.xml (is this step required?), only set the base URL (we have it at http://confluenceuat/confluence and I made it https://confluenceuat/confluence).

Here is my server.xml:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8"
keystoreFile="D:\Program Files\Atlassian\Confluence\myKeystore.p12" keystorePass="<password>"
keyAlias="myAlias" keystoreType="PKCS12"/>

 

I am using a PKCS12 keystore as you can see by the keystore file and the Type. The cert was signed by our company root CA and we use this same type of cert for our other internal systems. It also has a different alias, which from some other posts shouldn't be an issue if it's specified. I have also tried importing the certificate from our .p12 to a .keystore created according to Atlassian Docs with the same result.

 

I have had some errors in my catalina logs such as the key not being read etc, but I've resolved those. Now when I start it up these are the only Warning logs I have:

 

operty [debug] to [0]
13-Nov-2020 11:30:34.433 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'debug' to '0' did not find a matching property.
13-Nov-2020 11:30:34.464 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Engine] failed to set property [debug] to [0]
13-Nov-2020 11:30:34.464 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Engine/Host] failed to set property [debug] to [0]
13-Nov-2020 11:30:34.480 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Engine/Host/Context] failed to set property [debug] to [0]
13-Nov-2020 11:30:34.496 WARNING [main] org.apache.catalina.core.StandardContext.setPath A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [${confluence.context.path}/synchrony-proxy] does not meet these criteria and has been changed to [/${confluence.context.path}/synchrony-proxy]
13-Nov-2020 11:30:34.496 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Engine/Host/Context] failed to set property [debug] to [0]

and

13-Nov-2020 11:31:50.810 WARNING [Catalina-utility-1] org.apache.catalina.startup.HostConfig.deployDescriptor The path attribute with value [/synchrony-proxy] in deployment descriptor [D:\Program Files\Atlassian\Confluence\conf\Standalone\localhost\synchrony-proxy.xml] has been ignored
13-Nov-2020 11:31:50.810 WARNING [Catalina-utility-1] org.apache.catalina.startup.SetContextPropertiesRule.begin [SetContextPropertiesRule]{Context} Setting property 'debug' to '0' did not find a matching property.

I don't think these are related to my https specific config, though, as I see them even when https isn't enabled / commented out in the server.xml. My INFO logs show the following (and these logs end the catalina.log file after a service restart):

13-Nov-2020 11:31:53.904 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-127.0.0.1-8090"]
13-Nov-2020 11:31:53.919 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
13-Nov-2020 11:31:53.935 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [79,002] milliseconds

No errors that appear to be key-related.

 

I also ran netstat -ab and see TCP [::]:8443 is listening. I'm at a loss now, I'm pretty sure I tried just about everything from the docs and other Community posts. Does anyone see something I missed?

1 answer

1 accepted

0 votes
Answer accepted
Daniel Ebers
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2020

Hi Brian,

welcome to the Atlassian Community!

Is there by any chance a firewall active?
This could be the case either on the host itself or on your client.
With some probability (if the network is managed) even in between - for example, if it is a managed office network environment that you're in.

Can you confirm you can rule a firewall out as a reason?

Cheers,
Daniel

Brian Donnelly November 19, 2020

Hi Daniel,

Thank you for the welcome!

We do not have firewalls imposed on the traffic within this "office." Only between other geographic locations or externally. I am using the server Confluence is hosted on and one other server to troubleshoot and test connectivity, and they have no firewalls between them.

Daniel Ebers
November 19, 2020

Do you access using port 443 or 8443 currently?

Have you installed a reverse proxy in front of Confluence?

Brian Donnelly November 19, 2020

I am using port 8443.

We have no reverse proxy in front of Confluence or in our internal network.

Daniel Ebers
November 19, 2020

Thanks for the clarification.

Debugging by just reading the log output is always something that can be considered hard.

A very interesting part is your statement

"I also ran netstat -ab and see TCP [::]:8443 is listening."

along with your information that you are accessing using port 8443.
Also the log files look good.

There is not anything else I could advise right now. It still looks to me like the connection is blocked/not possible for some reason, while the situation on the server (as per log files) looks good.

All similar cases here in Community had other characteristics. A missing certificate (I doubt your case is related to that - you would see errors in the log file), a not-starting application due to missing RAM (also not applying as you have a port opened) or an incomplete installation (also not very likely).

I guess you followed this instruction:
https://confluence.atlassian.com/doc/installing-confluence-on-windows-255362047.html

The next hint - but this is the last idea from just reading the logs - would be to ping the machine to see if it answers, as well as to check if you can reach Confluence using the (non-secured) port 8090 from a different machine.
Please note that even if you can, the SSL topic needs to be inspected further. It only shows if Confluence would be reachable at all or if other ports are also unreachable.

Brian Donnelly November 19, 2020

Confluence does run on http port 8090, it has been running since before I worked here. We also have other applications running on the server like TFS and SSRS.

There may be some conflicting issues because of this exact issue though, and I have no familiarity with how they interact and what impact previous configurations may have on Confluence.

I'm going to file this as a lost cause. Next step will be to migrate Confluence to its own server. We're doing a large migration to Server 2019 anyhow, so this will fit right in.
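
An added example (not code from anyone in this thread): the reachability check suggested above, written in Python so it can be run from a second machine. It probes every address the host name resolves to and reports whether the attempt stopped at DNS, at TCP, or at the TLS handshake; the function names and stage labels are made up for this example.

```python
import socket
import ssl

def probe_one(family, sockaddr, host, use_tls, timeout, ca_file):
    """Report how far a connection to one resolved address gets."""
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
    except OSError:
        return "tcp-failed"            # address family not usable on this client
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except ConnectionRefusedError:
        sock.close()
        return "tcp-refused"           # host answered, nothing accepts on this address/port
    except OSError:
        sock.close()
        return "tcp-failed"            # timeout or unreachable: filtering, routing, wrong address
    if not use_tls:
        sock.close()
        return "tcp-ok"
    # Certificate verification stays on; ca_file may name the internal root CA (PEM).
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls-ok " + tls.version()
    except ssl.SSLCertVerificationError:
        return "tls-cert-rejected"     # certificate received but failed verification (trust or name)
    except (ssl.SSLError, OSError):
        return "tls-failed"            # TCP accepted, but the TLS handshake did not complete
    finally:
        sock.close()

def probe(host, port, use_tls, timeout=3.0, ca_file=None):
    """Probe every address the name resolves to; return {address: stage}."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return {host: "dns-failed"}
    return {info[4][0]: probe_one(info[0], info[4], host, use_tls, timeout, ca_file)
            for info in infos}

if __name__ == "__main__":
    # Host name and ports are the ones quoted in the thread; run from a second machine.
    for port, use_tls in ((8090, False), (8443, True)):
        print(port, probe("confluenceuat", port, use_tls))
```

A different stage for IPv4 and IPv6 addresses of the same name, or "tcp-ok" on 8090 next to "tcp-refused" on 8443, narrows the problem to the listener binding rather than the keystore.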
