It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Severe error due to SSL Certificate

Hi,

I installed the SSL certificate in crowd and it worked fine, but as soon as I rebooted the server (wanted to check if crowd was starting automatically), it didn't start back and it was giving me the following error:

SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]

ava.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : (and a huge list of ciphers).

 

I can delete my keystore and start again but I'm just struggling to understand which commands I should use. I need to create a keystore, create a csr and once the certificates are issued, which ones I should import and install?

 

The connector <crowd installation>/apache-tomcat/conf/server.xml I just followed this documentation: 

https://confluence.atlassian.com/crowd/configuring-crowd-to-work-with-ssl-151520306.html

so it looks like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           keyAlias="tomcat" keyPass="changeit"/> 

of course the keystoreFile points to my keystore.

 

Thanks for your help.

 

1 answer

0 votes
Ann Worley Atlassian Team May 02, 2018

Hi Andrea, 

I have a feeling that the issue is not your keystore, but rather the protocol defined in the connector in server.xml.

Your connector directive looks the same as in the document, but I think the guide may be outdated (will follow up with doc team after we get you sorted). The example connectors in the Tomcat Guide all use other protocols. The example files for other Atlassian products use:

org.apache.coyote.http11.Http11NioProtocol

instead of 

org.apache.coyote.http11.Http11Protocol

The protocol you are using has caused issues with Jira starting up (Tomcat will not start in 7.3 with protocol="org.apache.coyote.http11.Http11Protocol") so I recommend changing it and restarting Crowd. I look forward to hearing the result.

Thanks,

Ann

Hi Ann,

I resolved by changing the protocol and added the cyphers.

My connector looks like this:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLS"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
keyAlias="tomcat" keyPass="changeit"/>

 

May I suggest that the documentations should be updated? I spent so many hours on this and it's not easy to troubleshoot.

Also, it would be really appreciated a much more in dept documentation on how to generate the keystore, how to generate the csr and how to import and install the certificates.

It's just a few command lines but there's so many options that it would nice to know which ones are the most accurate and up-to-date ones.

Thanks,

Andrea 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

What's New in Confluence Cloud – November 2019 Edition

Hey community! This month we’re excited to share brand new features to help you make your mark on Confluence. If you haven’t already, check out our updates from October and September too! Expre...

810 views 5 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you