
Severe error due to SSL Certificate

Hi,

I installed the SSL certificate in Crowd and it worked fine, but as soon as I rebooted the server (I wanted to check whether Crowd was starting automatically), it didn't start back up and it was giving me the following error:

SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]

java.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : (and a huge list of ciphers).

 

I can delete my keystore and start again, but I'm just struggling to understand which commands I should use. I need to create a keystore, create a CSR and, once the certificates are issued, which ones should I import and install?

For the connector in <crowd installation>/apache-tomcat/conf/server.xml, I just followed this documentation:

https://confluence.atlassian.com/crowd/configuring-crowd-to-work-with-ssl-151520306.html

so it looks like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           keyAlias="tomcat" keyPass="changeit"/> 

Of course the keystoreFile points to my keystore.

Thanks for your help.

 

1 answer

0 votes
AnnWorley Atlassian Team May 02, 2018

Hi Andrea, 

I have a feeling that the issue is not your keystore, but rather the protocol defined in the connector in server.xml.

Your connector directive looks the same as in the document, but I think the guide may be outdated (will follow up with doc team after we get you sorted). The example connectors in the Tomcat Guide all use other protocols. The example files for other Atlassian products use:

org.apache.coyote.http11.Http11NioProtocol

instead of 

org.apache.coyote.http11.Http11Protocol

The protocol you are using has caused issues with Jira starting up (Tomcat will not start in 7.3 with protocol="org.apache.coyote.http11.Http11Protocol") so I recommend changing it and restarting Crowd. I look forward to hearing the result.

Thanks,

Ann

Hi Ann,

I resolved it by changing the protocol and adding the ciphers.

My connector looks like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLS"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
keyAlias="tomcat" keyPass="changeit"/>

 

May I suggest that the documentation should be updated? I spent so many hours on this and it's not easy to troubleshoot.

Also, much more in-depth documentation on how to generate the keystore, how to generate the CSR and how to import and install the certificates would be really appreciated.

It's just a few command lines, but there are so many options that it would be nice to know which ones are the most accurate and up-to-date.

Thanks,

Andrea 
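
Added example, not part of the thread or of Atlassian's documentation: a small Python audit of the two connectors posted above. It flags the protocol class Ann's answer points to, RC4 and static-RSA cipher suites, the `changeit` default password, and the `sslProtocols` spelling, which is not among the connector attributes Tomcat documents (`sslProtocol`, `sslEnabledProtocols`). The function names and finding codes are this example's own.

```python
import xml.etree.ElementTree as ET

# The two connectors exactly as posted in the thread above.
ORIGINAL = '''<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           keyAlias="tomcat" keyPass="changeit"/>'''
REVISED = '''<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLS"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
keyAlias="tomcat" keyPass="changeit"/>'''

LEGACY_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"

def audit_connector(xml_text):
    """Return (code, subject) findings for a single <Connector> element."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    if attrs.get("protocol") == LEGACY_PROTOCOL:
        # The class the answer above identifies as the likely startup problem.
        findings.append(("legacy-protocol", attrs["protocol"]))
    if "sslProtocols" in attrs:
        # Not a documented attribute name; Tomcat documents sslProtocol.
        findings.append(("unknown-attribute", "sslProtocols"))
    # Line breaks inside ciphers="..." arrive as whitespace, so strip each name.
    suites = [s.strip() for s in attrs.get("ciphers", "").split(",") if s.strip()]
    for suite in suites:
        if "_RC4_" in suite:  # RC4 is prohibited in TLS by RFC 7465
            findings.append(("rc4", suite))
        if suite.startswith(("TLS_RSA_", "SSL_RSA_")):  # static RSA: no forward secrecy
            findings.append(("static-rsa-kex", suite))
    for name in ("keystorePass", "keyPass"):
        if attrs.get(name) == "changeit":  # the well-known default keystore password
            findings.append(("default-password", name))
    return findings

def codes(xml_text):
    """Finding codes only, in report order."""
    return [code for code, _ in audit_connector(xml_text)]

if __name__ == "__main__":
    for label, xml_text in (("original", ORIGINAL), ("revised", REVISED)):
        for code, subject in audit_connector(xml_text):
            print(f"{label}: {code}: {subject}")
```

The revised connector starts, but the audit still reports the two RC4 suites, the five static-RSA suites and both default passwords, which are the items to clean up once the service is running.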
