The remote certificate can't be trusted between Jira & Confluence & BitBucket

Altran October 18, 2019

Hi there!

 

I'm running the following applications on my system:

 

Jira 7.13.0

Confluence 6.13.0

Bitbucket 6.0.0

 

These have been installed for months in perfect harmony in the same server, till now that I've been asked to move all of them to https.

 

These are the list of ports used:

 

Jira: http over 28080 and https over 28443

Confluence: http over 28090 and https over 29443

Bitbucket: https over 27443 (no way to have both http & https at the same time).

 

Now, my problem is related to "Application Links". All of them have "Network error" and I cannot get rid of it.

 

I've created self-signed certificates for all of them even when all run in the same server. I've imported (or at least I think so) all of them to both /root/.keystore and to $JAVA_HOME/jre/lib/security (please, pay attention, the guide I've read mentions default location in this path WITHOUT jre directory, but since it isn't present I've choosen the one I've written here).

 

I've tried to modify the links to use as "Application URL" the old port over http, but it's not working anyway.

 

I've modified server.xml, web.xml and bitbucket.properties wherever the guides told me so, and this has allowed me to get the applications up and running ... but not connected between themselves.

 

Could you please help me out with this issue?

 

Thanks and warm regards.

 

 

 

 

 

2 answers

1 accepted

0 votes
Answer accepted
Alexis Robert
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 18, 2019

Hi @Altran , 

 

this is a common error because you're using self-signed certificates : you need to import these certificates into the JVM, because at the moment it's not trusting those.

There's a step by step documentation here : https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html

Let me know if you have any questions, 

 

--Alexis

Altran October 22, 2019

I'm not sure why, but it looks like the import process wasn't taken properly. I re-do all the steps, rebooted the server, rebooted all 3 services and it was fixed.

This command I run (instead of graphic interface) may did the trick (replacing google.com for my domain twice):

openssl s_client -connect google.com:443 -servername google.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

 

Thank you so much @Alexis Robert for your help.

 

Warm regards,

0 votes
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 18, 2019

Atlassian Applications ship with their own Java. Make sure you import the keys into the cacerts files used by the jira, etc.

So istead of ${JAVA_HOME}, look at ${JIRA_HOME}/jre/lib/security

Altran October 22, 2019

Hi @Andrew Laden  I've downloaded the certificate for 3 applications (with services UP !! ) and installed on that common cacerts file inside jre/lib/security path in my server.

 

Thanks for your help!

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events