SSL handshake problem with Confluence connection to Jira User Server

I am connecting a test instance of Confluence with a production JIRA server.

I am trying to get the Confluence instance to use JIRA as a user server.

Below is the exception I receive from the connection test.  It is obviously encrypted.  

Connection works fine if I go directly through the tomcat non-ssl port 8080.

Connection fails with error below if I go through Apache port 443.

This is in the apache access log (notice the 403): - - [09/Nov/2015:15:14:33 -0500] "POST /rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user HTTP/1.1" 403 2084

Here are some config details worth noting:

  • The production JIRA is configured properly.  
  • SSL certificate is solid.  
  • Tomcat server.xml for JIRA has the scheme, proxyName, and proxyPort configured properly.
  • Application link works properly
  • Both Confluence and JIRA are running the provided Java 1.8.0_60 
  • Confluence 5.8.13
  • JIRA 6.3.10


What am I missing?



2015-11-09 14:56:44,353 ERROR [http-nio-8090-exec-5] [crowd.embedded.admin.ConfigurationController] onSubmit Configuration test failed for user directory: [ JIRA Server],
type: [ CROWD ]
 -- referer: | url: /plugins/servlet/embedded-crowd/configure/jira/ | userName: testuser
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: ^@^@^@^@^@^@^@?U]o?6^T}??p?? ^X?^Tm???^F???:d
]?`?C ^X???"Y??????8r?^C?P^Y???y???`?^?2Tj^R^?^Q?d0?k^TdP8yg?B ?z???????????g?]?|?~z5^Y=?D-d~??d0?6 ???8 x^S?kXAkM&+p???h? ???? ???!{2XK-???????????G>??^E?Q?A??!G?5xb?L2S
????Uu!??YXgak\8??v^Yv???^B???~H???>?^??x- ?8?c^F!@V2YA???m?x?^@?v???w?D?Uf?;??c?,9?%?OQ???`??[?9????E??c??8????V^FD?P^D?}??k??-?^Bg?^U??5?1^X???>N???M ?sP ?D"?????^E ?^X?
x????^X*^V??L??oz?(??Qg? n^D7^Zi_?e/?+??*?^R W^D?????Hc??"??h^??A?w??U^X??C L?^F?0??P^V??(_?C?^Q?^Q??K?a? ??!C?????n?O?_??M??D?n/???^U??)?Z??^Ru??W???F?!?S?z%^C???^D:?5?D?
#???^W??^D???t?9???^d???$oF?^Zohz?";q???}^NY??6????w??`A?`t??T??^Z??G-J^E?[?x?C??m^S6?*?F}????92g?~;C?8*???s???^F"??9^V?5Q-???'C1;W?^N`g???ku?q>h?.?^D5??+?^B^U?t ?J-?g?jK?
E?&c??]????;?? $????^Y????#??s%%??$?>??^??v???????3?9?C\?O+?PESC?+?c-?:?????2G?/?#2??B??&; 1??U?@^E6 ???)?$a?/! ?O?S???????_:fNESC?x~^D?d??????;??1???w^A6?}?w??1??? ??^Xw?
^Q?^?n?^VH?]I?p??cV??????? ?^Dx??^O??????~g???l?KG???^CInp?.??"?^Z???t??L???^N? ?i3??S]?^G?ed???g^A:^Y????}n??.R?^X?????^?^A??o^W;^Y^@^@
        at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(
        at java.lang.reflect.Method.invoke(

1 answer

1 accepted

Accepted Answer
1 vote

I figured it out.  The clue was in the Tomcat access log.  I expected the proxied traffic from Apache to show up in tomcat as coming from localhost.  I did not expect it to be the IPv6 localhost.

Adding "0:0:0:0:0:0:0:1" to the "IP Addresses" section of the Jira User Server configuration on my JIRA server solved the problem.  (I used the long name instead of the short-hand "::1" as that is how it appears in my Tomcat access log.)

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Oct 09, 2018 in Confluence

Introducing Praecipio Consulting, an Atlassian Solution Partner

Hey there Community!  My name is Vannya Vallejo, the Channel Communication Specialist at Atlassian and I want to help Atlassian users like you learn about our Solution Partners and how they c...

389 views 0 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you