
Ssl error: java.net.UnknownHostException:https

Vrieling Webmaster November 6, 2017

 

Hi,

Specs:
Server 2016
Java (32bit) Version 8 Update 151

We installed Atlassian Confluence on premises and would like to communicate to it using SSL.
Atlassian has a nice manual that we carried out.
We have a wildcard certificate (Comodo) that we wanted to use for this.

So, we created a keystore, imported the certificate (.crt) and pointed the server configfile to it:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
           URIEncoding="UTF-8" keystorePass="password"
           keystoreFile="D:\somepath\atlassian"
           />

 

Then we downloaded the root and intermediate certificates from Comodo and imported them into the cacerts store.
After that we restarted the Atlassian Confluence service.

We connect to Confluence using this url: https://app##.domain.local:8443

When we use Chrome we get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
When we use Firefox we get an SSL_ERROR_NO_CYPHER_OVERLAP error.

We used a nifty tool to import the certificates: KeyStore Explorer.
This little tool also has an option: Examine SSL.
It gives us this error:

[Image: Confluence_SSL_Error.jpg]

What are we doing wrong and how can we fix this?
Any help is appreciated!

Thanks in advance.

1 answer

0 votes
Eduard M
Atlassian Team
November 6, 2017

Hello,

Possibly the following would help, if you use the conversion process to include both crt and private key in generating a PKCS12:

  1. Convert the existing cert to a PKCS12 using OpenSSL. A password is required when asked or the 2nd step will complain.

    openssl pkcs12 -export -in [my_certificate.crt] -inkey [my_key.key] -out [keystore.p12] -name [new_alias] -CAfile [my_ca_bundle.crt] -caname root

  2. Convert the PKCS12 to a Java Keystore File.

    keytool -importkeystore -deststorepass [new_keystore_pass] -destkeypass [new_key_pass] -destkeystore [keystore.jks] -srckeystore [keystore.p12] -srcstoretype PKCS12 -srcstorepass [pass_used_in_p12_keystore] -alias [alias_used_in_p12_keystore]

Vrieling Webmaster November 6, 2017

Hi Eduard,

That did the trick.

Thanks!
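
An added check, not part of the original thread: the conversion in the answer stores the private key together with the certificate under one alias, whereas a keystore built by importing only a .crt lists that alias as a `trustedCertEntry`, which leaves the TLS connector with no key to serve. The functions below classify an alias from `keytool -list` output; the alias `tomcat` and both sample listings are constructed for illustration.

```shell
# Added example: classify one alias in `keytool -list` output read from stdin.
# Prints PrivateKeyEntry, trustedCertEntry, SecretKeyEntry, or "missing".
entry_type_for_alias() {
    tr -d '\r' | awk -v want="$1" '
        # Entry lines look like: <alias>, <date>, <EntryType>,
        /, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t]*$/ {
            line = $0
            sub(/,[ \t]*$/, "", line)        # drop the trailing comma
            n = split(line, parts, ", ")     # the date may itself contain ", "
            if (tolower(parts[1]) == tolower(want)) {
                print parts[n]; found = 1; exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Exit status: 0 = key pair present, 1 = alias holds no private key, 2 = alias absent.
check_tls_keystore() {
    kind=$(entry_type_for_alias "$1")
    case "$kind" in
        PrivateKeyEntry) echo "OK: '$1' holds a private key and certificate"; return 0 ;;
        missing)         echo "FAIL: alias '$1' not found in keystore"; return 2 ;;
        *)               echo "FAIL: '$1' is a $kind, no private key for TLS"; return 1 ;;
    esac
}

# Constructed listing: keystore made by importing only the .crt file.
sample_cert_only() { cat <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry

tomcat, Nov 6, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): [fingerprint]
EOF
}

# Constructed listing: keystore produced from a PKCS12 that included the key.
sample_converted() { cat <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry

tomcat, Nov 6, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): [fingerprint]
EOF
}

sample_cert_only | check_tls_keystore tomcat || true
sample_converted | check_tls_keystore tomcat
```

Against a real keystore, pipe the output of `keytool -list -keystore [keystore.jks] -storepass [new_keystore_pass]` into `check_tls_keystore [new_alias]`.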
