I followed the instructions at https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSLto terminate SSL at an apache instance in front of both confluence and jira. (They are running on different servers and the SSL cert is an internal self-signed cert.) Accessing either application works fine. I put an apache rewrite rule to send any requests to (for example) http://jira.us.local/browse/IN-1234to https://.... on both servers.
This has apparently broken the integration between Jira and Confluence. Looking at a Confluence document that contains a link to a Jira has the following text:
com.atlassian.confluence.macro.MacroExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Through searching I found some documents that pointed to the fact that the Java instance will not trust the self signed certificate. Following the directions here: https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services, I imported the cert into the JRE certificate store in /opt/atlassian/[jira|conflence]/jre/lib/security/cacerts. This has not made any difference in operation. Do I need to restart Jira and Confluence so they pick up the updated certificate store?
If I edit or create a page in confluence and use the ctrl-shift-J macro to insert a link to a Jira I attempt to use the search feature to fine my Jira, I get the following error in a red box:
Received the following HTTP error code from the server:500
I don't see this error in the apache logs, so I don't know where it is coming from. I am at a loss here. I am not an admin for either Jira or Confluence but I can get them to help me.
We are running Jira 6.2 and Confluence 5.4.3
Do I need to restart Jira and Confluence so they pick up the updated certificate store?
And of course the answer to this is yes. And also, what @Danielsaid is true. Do:
User --- https ---> Apache --- http(s) ---> Tomcat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry, I wan't clear. I am doing the HTTPS at the apache layer, I did not muck with the tomcat config to get SSL working there.
I will schedule a time to restart Confluence and Jira and let you know what happens.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.