Is it possible to set up Crowd Server 2.12 with https and a self-signed certificate?
I'm trying to set up my Atlassian Apps (Jira, Confluence, Crucible, Bitbucket, Crowd) to https. For testing I do this on an Ubuntu Server test instance VM.
So far I can access Crowd over https but when I try to log in I get the following message:
"Connection to authentication server failed. Please review the logs for more information."
The error messages in catalina.out are:
"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
"PluginSchedulerTask-com.atlassian.analytics.client.upload.RemoteFilterRead:job INFO [com.amazonaws.http.AmazonHttpClient] Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
"Failed to connect to the authentication server, please check your crowd.properties
org.springframework.security.authentication.AuthenticationServiceException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message."
"http-nio-8096-exec-17 ERROR [xfire.transport.http.HttpChannel] javax.net.ssl.SSLException: java.security.cert.CertificateException: No name matching localhost found"
I noticed something like that also in the Application Links of Jira & Confluence.
For the production server I will get a Certificate signed by our IT or I get one from another CA. But for testing I want to use a self-signed Cert.
Is that possible?
Thanks and kind regards
Hi @Andreas Zeiler,
It is possible to add your self-signed certificates to the Java trust store. In order to do so, please follow the documentation mentioned here.
However, I think it might be easier for you, for testing purposes, to try out the https://letsencrypt.org/ solution.
Here you can see which Java versions and browsers support those certificates: https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394
Please make sure that you use proper certificates in your production environment.
Hope that helps,
Hi Mercin Kempa,
Thanks for the reply.
As the server is only visible in our factory network, letsencrypt would have problems verifying the server. Until now I don't know another way to sign my CSR file with letsencrypt.
I will try to add my self-signed certificate to the Java keystore.
Since the IdenTrust "DST Root CA X3" certificate provided by letsencrypt was added to certain versions of Java (https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394) and this certificate is used to cross sign the automatically generated, I guess it could still work without internet access. But frankly I did not test it, it is just another approach you might give a try.
While the above would work once the certificate is in place, the problem would be to generate one, as letsencrypt needs to know that you are the one owning the domain.
Finally I got it to work.
I had some problems with my certificate. Since I use a virtual machine, I always added the IP of the VM to the certificate. But in our network the IP changed and Crowd had some problems with that.
I also didn't configure the Remote Addresses for the Crowd Application in the Application Settings.
I made a completely new self-signed cert with the hostname of my VM. And I also accessed the applications over that. Then I also added the signed certificate (*.cer) to the keystore of the used Java VM (in my case every Atlassian App uses either its own Java or OpenJDK or Oracle Java which I've installed on the server, I had to look in the System Information of every App). This also helped me with the problem that the Application Links between the Atlassian Apps didn't work.
By the way: it would be nice if you could update your "Crowd https setup" articles. For example I needed to add some lines to a "web.xml" but this was not mentioned in the help site.
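The steps described in the last post (a certificate issued to the VM's hostname, then imported into the truststore of every JVM in use), as an added shell example that is not part of the original thread. The hostname, alias and file paths are placeholders; the `crowd.server.url` key in crowd.properties and the default truststore password `changeit` are assumptions about the installation.

```bash
#!/usr/bin/env bash
# Added example. All hostnames, paths and aliases are placeholders.

# Host that Crowd itself connects to, read from crowd.properties
# (Java .properties files may escape ':' as '\:').
props_host() {  # $1 = path to crowd.properties
  sed -n 's/\\//g; s|^crowd\.server\.url[ =:]*https\{0,1\}://\([^:/]*\).*|\1|p' "$1"
}

# Self-signed certificate issued to a hostname (not a changing IP),
# with the name in subjectAltName. Needs OpenSSL 1.1.1+ for -addext.
make_cert() {  # $1 = hostname, $2 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout "$2/$1.key" -out "$2/$1.cer" 2>/dev/null
}

# True if the certificate is valid for the given hostname.
cert_covers_host() {  # $1 = certificate, $2 = hostname
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Import into one JVM truststore; repeat for every JVM an app runs on.
trust_cert() {  # $1 = certificate, $2 = alias, $3 = path to cacerts
  keytool -importcert -noprompt -alias "$2" -file "$1" \
    -keystore "$3" -storepass "${STOREPASS:-changeit}"
}

main() {  # usage: HOSTNAME CROWD_PROPERTIES CACERTS [CACERTS...]
  host=$1 props=$2; shift 2
  out=$(mktemp -d)
  make_cert "$host" "$out" || return 1
  cert_covers_host "$out/$host.cer" "$(props_host "$props")" || {
    echo "crowd.server.url host '$(props_host "$props")' is not in the" \
         "certificate: expect 'No name matching ... found'" >&2
    return 1
  }
  for store in "$@"; do
    trust_cert "$out/$host.cer" "selfsigned-$host" "$store"
  done
  echo "certificate and key written to $out"
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

The generated key and certificate still have to be configured on the HTTPS connector of each application, and the applications need a restart after the import so their JVMs reload the truststore.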