It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SSL setup of application links Edited

we got while setting up app links between confluence-jira and vice versa error: "<link> may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally."

we checked following:

  • a wild card cert (*.xyz.com) incl. ca-chain was installed in jre keystore's for jira.xyz.com:8443 (jira sw) and jcon.xyz.com:8444 (Jira confluence)
  • both server.xml were configured to point to built in jre keystore (above)
  • SSLPoke from jira->confluence and vice versa, e.g. by
    java -Djavax.net.ssl.trustStore=/opt/atlassian/jira/jira.jks SSLPoke jira.xyz.com 8443
    shows
    Successfully connected
  • no SSL errors shown in logs/catalina.out

Are there any other checks, we can execute to test SSL connection?

Many thanks

Jens-Uwe

2 answers

2 accepted

0 votes
Answer accepted
Alexis_Robert Community Leader Nov 10, 2019

Hi @JUS , 

 

from the error message, I'd say that it's something to do with an intermediate or root certificate, are you sure that you imported the proper root CA in the keystore ? I usually point to this doc for this : https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html

If you don't need SSL for your application links, I would suggest configuring a separate connector in server.xml just for this connection : https://confluence.atlassian.com/kb/how-to-bypass-a-reverse-proxy-or-ssl-in-application-links-719095724.html

 

Let me know if this helps, 

 

--Alexis

Indeed after in depth investigation, the previously imported cert missed the cert chain. Including the complete chain into pkcs12 and re-importing into keystore solved the problem. many thanks, Jens-Uwe

0 votes
Answer accepted

Hi @JUS ,

You will need to import JIRA SSL Certificate in Confluence JAVA Truststore called cacerts usually located at path <installation directory>/jre/lib/security. 

Similarly import Confluence SSL Certificate in JIRA JAVA Truststore called cacerts again.

After that, restart both services & try to establish Application Link again (make sure you are system admin on both).

I had similar issue in past. Following above steps resolved the issue. It is about JAVA of each application trusting other's connection.

Thanks, after fixing the cert issue (complete CA chain added,see above), app links are established now correctly on both sides.

Jens-Uwe

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

How is your team having fun and bonding, remotely, utilizing Confluence?

Thanks everyone for answering last week’s question. The winner of the random drawing from those who commented is: @LarryBrock I’ll contact you separately with your prize details. This wee...

283 views 9 7
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you