Ssl error: java.net.UnknownHostException:https

Vrieling Webmaster November 6, 2017

 

Hi,

Specs:
Server 2016
Java (32bit) Version 8 Update 151

We installed Atlassian Confluence on premises and would like to communicate to it using SSL.
Atlassian has a nice manual that we carried out.
We have a wildcard certificate (Comodo) that we wanted to use for this.

So, we created a keystore, imported the certificate (.crt) and pointed the server configfile to it:

<Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="password"
				   keystoreFile="D:\somepath\atlassian"
				   />

 

Than we downloaded the root and intermediate certificates from Comodo and imported them in the cacerts store.
After that we restarted the Atlassian Confluence service.

We connect to Confluence using this url: https://app##.domain.local:8443

When we use Chrome we get an: ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
When we use Firefox we get a: SSL_ERROR_NO_CYPHER_OVERLAP error.

We used a nifty tool to import the certificates: KeyStore Explorer.
This little tool has also an option: Examine SSL.
It gives us this error:

Confluence_SSL_Error.jpg

What are we doing wrong and how can we fix this ?
Any help is appreciated !

Thanks in advance.

1 answer

0 votes
Eduard M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 6, 2017

Hello,

Possibly the following would help, if you use the conversion process to include both crt and private key in generating a PKCS12:

  1. Convert the existing cert to a PKCS12 using OpenSSL. A password is required when asked or the 2nd step will complain.

    openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] -out [keystore.p12] -name [new_alias] -CAfile [my_ca_bundle.crt] -caname root

  2. Convert the PKCS12 to a Java Keystore File.

    keytool -importkeystore -deststorepass [new_keystore_pass] -destkeypass [new_key_pass] -destkeystore [keystore.jks] -srckeystore [keystore.p12] -srcstoretype PKCS12 -srcstorepass [pass_used_in_p12_keystore] -alias [alias_used_in_p12_keystore]

Vrieling Webmaster November 6, 2017

Hi Eduard,

That did the trick.

Thanks !

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events