SSL handshake problem with Confluence connection to Jira User Server

I am connecting a test instance of Confluence with a production JIRA server.

I am trying to get the Confluence instance to use JIRA as a user server.

Below is the exception I receive from the connection test.  It is obviously encrypted.  

Connection works fine if I go directly through the tomcat non-ssl port 8080.

Connection fails with error below if I go through Apache port 443.

This is in the apache access log (notice the 403): - - [09/Nov/2015:15:14:33 -0500] "POST /rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user HTTP/1.1" 403 2084

Here are some config details worth noting:

  • The production JIRA is configured properly.  
  • SSL certificate is solid.  
  • Tomcat server.xml for JIRA has the scheme, proxyName, and proxyPort configured properly.
  • Application link works properly
  • Both Confluence and JIRA are running the provided Java 1.8.0_60 
  • Confluence 5.8.13
  • JIRA 6.3.10


What am I missing?



2015-11-09 14:56:44,353 ERROR [http-nio-8090-exec-5] [crowd.embedded.admin.ConfigurationController] onSubmit Configuration test failed for user directory: [ JIRA Server],
type: [ CROWD ]
 -- referer: | url: /plugins/servlet/embedded-crowd/configure/jira/ | userName: testuser
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: ^@^@^@^@^@^@^@?U]o?6^T}??p?? ^X?^Tm???^F???:d
]?`?C ^X???"Y??????8r?^C?P^Y???y???`?^?2Tj^R^?^Q?d0?k^TdP8yg?B ?z???????????g?]?|?~z5^Y=?D-d~??d0?6 ???8 x^S?kXAkM&+p???h? ???? ???!{2XK-???????????G>??^E?Q?A??!G?5xb?L2S
????Uu!??YXgak\8??v^Yv???^B???~H???>?^??x- ?8?c^F!@V2YA???m?x?^@?v???w?D?Uf?;??c?,9?%?OQ???`??[?9????E??c??8????V^FD?P^D?}??k??-?^Bg?^U??5?1^X???>N???M ?sP ?D"?????^E ?^X?
x????^X*^V??L??oz?(??Qg? n^D7^Zi_?e/?+??*?^R W^D?????Hc??"??h^??A?w??U^X??C L?^F?0??P^V??(_?C?^Q?^Q??K?a? ??!C?????n?O?_??M??D?n/???^U??)?Z??^Ru??W???F?!?S?z%^C???^D:?5?D?
#???^W??^D???t?9???^d???$oF?^Zohz?";q???}^NY??6????w??`A?`t??T??^Z??G-J^E?[?x?C??m^S6?*?F}????92g?~;C?8*???s???^F"??9^V?5Q-???'C1;W?^N`g???ku?q>h?.?^D5??+?^B^U?t ?J-?g?jK?
E?&c??]????;?? $????^Y????#??s%%??$?>??^??v???????3?9?C\?O+?PESC?+?c-?:?????2G?/?#2??B??&; 1??U?@^E6 ???)?$a?/! ?O?S???????_:fNESC?x~^D?d??????;??1???w^A6?}?w??1??? ??^Xw?
^Q?^?n?^VH?]I?p??cV??????? ?^Dx??^O??????~g???l?KG???^CInp?.??"?^Z???t??L???^N? ?i3??S]?^G?ed???g^A:^Y????}n??.R?^X?????^?^A??o^W;^Y^@^@
        at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(
        at java.lang.reflect.Method.invoke(

1 answer

1 accepted

1 vote
Accepted answer

I figured it out.  The clue was in the Tomcat access log.  I expected the proxied traffic from Apache to show up in tomcat as coming from localhost.  I did not expect it to be the IPv6 localhost.

Adding "0:0:0:0:0:0:0:1" to the "IP Addresses" section of the Jira User Server configuration on my JIRA server solved the problem.  (I used the long name instead of the short-hand "::1" as that is how it appears in my Tomcat access log.)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Dec 18, 2018 in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

477 views 3 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you