Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,644,519
Community Members
 
Community Events
196
Community Groups

Severe error due to SSL Certificate

Andrea C
Andrea C May 01, 2018

Hi,

I installed the SSL certificate in crowd and it worked fine, but as soon as I rebooted the server (wanted to check if crowd was starting automatically), it didn't start back and it was giving me the following error:

SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]

ava.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : (and a huge list of ciphers).

 

I can delete my keystore and start again but I'm just struggling to understand which commands I should use. I need to create a keystore, create a csr and once the certificates are issued, which ones I should import and install?

 

The connector <crowd installation>/apache-tomcat/conf/server.xml I just followed this documentation: 

https://confluence.atlassian.com/crowd/configuring-crowd-to-work-with-ssl-151520306.html

so it looks like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           keyAlias="tomcat" keyPass="changeit"/> 

of course the keystoreFile points to my keystore.

 

Thanks for your help.

 

Answer
Watch
Like Be the first to like this
8502 views

1 answer

0 votes
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 02, 2018

Hi Andrea, 

I have a feeling that the issue is not your keystore, but rather the protocol defined in the connector in server.xml.

Your connector directive looks the same as in the document, but I think the guide may be outdated (will follow up with doc team after we get you sorted). The example connectors in the Tomcat Guide all use other protocols. The example files for other Atlassian products use:

org.apache.coyote.http11.Http11NioProtocol

instead of 

org.apache.coyote.http11.Http11Protocol

The protocol you are using has caused issues with Jira starting up (Tomcat will not start in 7.3 with protocol="org.apache.coyote.http11.Http11Protocol") so I recommend changing it and restarting Crowd. I look forward to hearing the result.

Thanks,

Ann

View More Comments
Andrea C
Andrea C May 03, 2018

Hi Ann,

I resolved by changing the protocol and added the cyphers.

My connector looks like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 clientAuth="false" sslProtocols="TLS"
 ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
 keystoreFile="${user.home}/.keystore" keystorePass="changeit"
 keyAlias="tomcat" keyPass="changeit"/>

 

May I suggest that the documentations should be updated? I spent so many hours on this and it's not easy to troubleshoot.

Also, it would be really appreciated a much more in dept documentation on how to generate the keystore, how to generate the csr and how to import and install the certificates.

It's just a few command lines but there's so many options that it would nice to know which ones are the most accurate and up-to-date ones.

Thanks,

Andrea 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

See all events