enabling apache ssl proxy in front of jira and confluence broke integration.

I followed the instructions at https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSLto terminate SSL at an apache instance in front of both confluence and jira. (They are running on different servers and the SSL cert is an internal self-signed cert.) Accessing either application works fine. I put an apache rewrite rule to send any requests to (for example) http://jira.us.local/browse/IN-1234to https://.... on both servers.

This has apparently broken the integration between Jira and Confluence. Looking at a Confluence document that contains a link to a Jira has the following text:

com.atlassian.confluence.macro.MacroExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Through searching I found some documents that pointed to the fact that the Java instance will not trust the self signed certificate. Following the directions here: https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services, I imported the cert into the JRE certificate store in /opt/atlassian/[jira|conflence]/jre/lib/security/cacerts. This has not made any difference in operation. Do I need to restart Jira and Confluence so they pick up the updated certificate store?

If I edit or create a page in confluence and use the ctrl-shift-J macro to insert a link to a Jira I attempt to use the search feature to fine my Jira, I get the following error in a red box:

Received the following HTTP error code from the server:500

I don't see this error in the apache logs, so I don't know where it is coming from. I am at a loss here. I am not an admin for either Jira or Confluence but I can get them to help me.

We are running Jira 6.2 and Confluence 5.4.3

3 answers

1 accepted

0 votes
Accepted answer
Timothy Chin Community Champion May 13, 2014

Do I need to restart Jira and Confluence so they pick up the updated certificate store?

And of course the answer to this is yes. And also, what @Danielsaid is true. Do:

User --- https ---> Apache --- http(s) ---> Tomcat

The restart did clear up the issue.

0 votes
Daniel Wester Community Champion May 13, 2014
It sounds like your config is browser->http proxy->https tomcat. My suggestion would be to move https to the front (or at least add it there)

Sorry, I wan't clear. I am doing the HTTPS at the apache layer, I did not muck with the tomcat config to get SSL working there.

I will schedule a time to restart Confluence and Jira and let you know what happens.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Feb 06, 2019 in Confluence

Try out the new editing experience

Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...

784 views 33 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you