Today I updated my SSL certificate and everything went fine, until it was time to login on my Crowd and other applications.
I couldn't do it.
I decided to go back to my old expired certificate, but I had the very same problem I was already having with Crowd:
Connection to authentication server failed. Please review the logs for more information.
After doing some research I played with my crowd.properties file (which, until now, it was working perfectly). After switching my crowd.server.url and my login.url to http instead of https, the login at crowd works, while the login in other apps are still not working at all.
I tried to switch back to my old expired SSL certificate, but the result was the same.
I have tried everything almost, with no luck whatsoever.
Please, could somebody help me?
This is my log:
Hi @Danel Sánchez,
Your log files looks pretty similar to those mentioned in this community post. However, It is still unclear to me, why reapplying old certificate did not restore the service.
It might be related to the SNI support enabled by default since Java 7. Please take a look at this KB article and try to apply the suggested solution.
Please let me know if this helped you.
Thank you for your reply, Marcin.
I took some time to review the issue and followed your recommendation and added this to my JAVA-OPTS:
However, the result remains the same. No matter the kind of certificate I use, I get this on my log:
018-02-20 20:12:10,990 http-bio-MYIP-MYPORT-exec-8 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...
2018-02-20 20:12:11,142 http-bio-MYIP-MYPORT-exec-8 ERROR [xfire.transport.http.HttpChannel] javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Sometimes it prompts me to:
2018-02-20 20:12:11,217 http-bio-MYIP-MYPORT-exec-8 ERROR [crowd.console.action.Login] Failed to connect to the authentication server, please check your crowd.properties
I'm entirely lost over here.
Hello @Marcin Kempa,
I did not, and maybe it would have helped, however, I didn't have to: I finally got it solved. Probably nobody will come up with the same mistake as I, but I'll share how I fixed this just in case:
Comparing the two keystores I had (which are the same, but I made a backup just in case) I noticed a subtle difference:
I didn't append my domain validation certificate to the key. Awkwardly, Confluence, JIRA and Bitbucket worked flawlessly without appending it, but Crowd did not.
After appending the domain validation certificate to the key, Crowd worked over HTTPS without any problems, the SSO started to work instantly and everything went back to normal.
Notes for noobies like me:
After the old certificate expired, Crowd stopped working:
The new certificate was not properly configured, which made Crowd to show the very same behavior as before with the expired one:
The errors, however, were mostly the same.
Hope this helps somebody in the future.
Thank you for your time, Marcin.
Thanks for posting this article
Hello Community! Quick disclaimer: We are running a contest on Community (The Atlympics!) from July 23rd - August 8th of 2021. If you are interested in participating in this contest (prizes! ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events