Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Crowd 2.12 with https and self-signed certificate?

Deleted user Jan 10, 2018

Hello,

 

is it possible to set-up Crowd Server 2.12 with https and a self-signed certificate?

 

I'm trying to set-up my Atassian Apps (Jira, Confluence, Crucible, Bitbucket, Crowd) to https. For Testing I do this on a Ubuntu Server Test Instance VM.

So far I can access Crowd over https but when I try to login I get following message:

"Connection to authentication server failed. Please review the logs for more information."

 

The error message in catalina.out are:

"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

"PluginSchedulerTask-com.atlassian.analytics.client.upload.RemoteFilterRead:job INFO [com.amazonaws.http.AmazonHttpClient] Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

 "Failed to connect to the authentication server, please check your crowd.properties
org.springframework.security.authentication.AuthenticationServiceException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message."

"http-nio-8096-exec-17 ERROR [xfire.transport.http.HttpChannel] javax.net.ssl.SSLException: java.security.cert.CertificateException: No name matching localhost found"

 

I noticed something like that also in the Application Links of Jira & Confluence.

For the production server I will get a Certificate signed by our IT or I get one from another CA. But for testing I want to use a self-signed Cert.

 

Is that possible?

 

Thanks and kind regards

Andreas

 

1 answer

1 vote
Marcin Kempa Atlassian Team Jan 10, 2018

Hi @[deleted],

 

It is possible to add your's self signed certificates to Java trust store. In order to do so, please follow the documentation mentioned here.

However I think it might be easier for you, for testing purpose, to try out the https://letsencrypt.org/ solution. 

Here you can see which Java versions and browsers supports those certificates https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394.

 

Please make sure that you use proper certificates in your production environment.

 

Hope that helps,

Marcin Kempa

Deleted user Jan 10, 2018

Hi Mercin Kempa,

thanks for reply.

As the server is only visible in our factory network, letsencrypt would have problems verifiying the server. Until now I don't know another way to sign my csr -file with letsencrypt.

I will try to add my self-signed certificate to java keystore.

 

Kind regards

Andreas

Since the IdenTrust "DST Root CA X3" certificate provided by letsencrypt was added to certain versions of Java (https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394.) and this certificate is used to cross sign the automatically generated, I guess it could still work without the internet access. But frankly I did not test it, it is just another approach you might give a try.

 

EDIT:

While the above would work once the certificate is in place, the problem would be to generate one, as letsencrypt need to know that you are the one owning the domain.

 

Best Regards,

Marcin Kempa

Marcin Kempa Atlassian Team Jan 24, 2018

Hi @[deleted]

Did you manage to setup crowd https with those self signed certificates?

 

Best Regards,

Marcin Kempa

Deleted user Jan 25, 2018

Hello Marcin,

finally I got it to work.

I hade some Problems with my Certificate. Since I use a virtual machine, I always added the IP of the VM to the Certificate. But in our Netzwork the IP changed and Crowd hat some problems with that.

I also didn't configure the Remote Addresses for the Crowd Application in the Application Settings.

I made a complete new self-signed Cert with the hostname of my VM. An I also accessed the Applications over that. Than I also added the signed certificate (*.cer) to the keystore of the used JavaVM (in my case every Atlassian App uses either its own Java or OpenJDK or Oracle Java which I've installed on the server, I had to look in the System Information of every App). This also helped me with the Problem that the Application Links between the Atlassian Apps didn't work.

 

By the way: it would be nice if you could update your "Crowd https setup" articles. For example I needed to add some lines to a "web.xml" but this was not mentioned in the help site.

 

Kind regards

Andreas

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Asked in Jira Service Management

JSM June ask me anything (AMA)

Hello Community members! We’re wrapping up the end of JSM June with an Ask Me Anything (AMA) with the Jira Service Management product team. This is your chance to ask all your ITSM questions to o...

239 views 12 14
View question

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you