I just configured SSL for my fisheye server. I browse to it using Google Chrome on the same machine and get a message:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.
What are the built-in cipher suites and how do I change these?
Set up a proxy server in front of FishEye and save yourself a lot of time and trouble.
I get this same exact error. Setting up a proxy server appears to be a workaround. There should be a clear set of steps to get this up and running and a set of steps to troubleshoot. I am really surprised this is so difficult.
For those of you who don't want to set up a proxy, or possibly want to know why it's not connecting properly, check out my answer here.
I get this same exact error. I have gone through the steps outlined but it does not help in my case.
Are you sure you got your SSL certificate properly converted to a JKS and that Crucible is pointing to it (and has access to it)?
Don't get me wrong though, you should probably use the proxy server anyway as it allows you to run Jira, Crucible, and boatloads of other stuff on the same server while using something like IIS to manage the SSL certs, ports and IPs.
Yes, I was able to figure it out after 3 days. Ugh! I had to include the entire certificate chain in the keystore. It was not enough that I had my CA references in the trust store. Here are the commands I used to get this to work:
First, I generated a combined pkcs12 formatted file (cert.p12) with the following command.
- openssl pkcs12 -export -out cert.p12 -in host.pem -inkey key.pem -CAfile cacerts_root.pem -caname root -name jetty -certfile cacerts_int.pem
Second, create a new store with the pkcs12 formatted file:
- keytool -importkeystore -deststorepass ***** -destkeypass ***** -destkeystore /path/to/key-file/host.p12 -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass **** -alias jetty
Finally, I updated config.xml file with the appropriate settings:
<web-server>
  <http bind=":80"/>
  <ssl truststore="/path/to/trust-file/cacerts"
       truststore-password="*******"
       keystore="/path/to/key-file/host.p12"
       keystore-password="********" bind=":443"><proxy-info/>
  </ssl>
</web-server>
Restarted, and it came up. This was a huge pain. There were no logs, no errors to go by and not much on the documentation front.
I tried the openssl command
openssl s_client -connect my.web.site:443
but this did not help. It kept telling me no client certificate served.
Here is my stackoverflow post on it:
https://serverfault.com/questions/964441/tls-setup-of-crucible-fisheye-server
There has to be some better tooling to help diagnose these issues or Atlassian / Jetty / Tomcat should create this tooling.
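Added example (not part of the original post, and not Atlassian or Jetty tooling): a small Python check over the `Certificate chain` section printed by `openssl s_client -connect host:443`, reporting whether the server sent no certificate, only the leaf, or the leaf plus its issuing chain. The sample outputs and host names are constructed; the `No client certificate CA names sent` line is ignored because it only concerns client-certificate authentication.

```python
import re

# Constructed samples of `openssl s_client` output; all names are made up.
LEAF_ONLY = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = fisheye.example.com
   i:CN = Example Intermediate CA
---
No client certificate CA names sent
"""
FULL_CHAIN = """\
Certificate chain
 0 s:CN = fisheye.example.com
   i:CN = Example Intermediate CA
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
---
"""
NO_CERT = "CONNECTED(00000003)\n---\nno peer certificate available\n---\n"

SUBJECT = re.compile(r"^\s*(\d+) s:(.*)$")  # e.g. " 0 s:CN = host"
ISSUER = re.compile(r"^\s+i:(.*)$")         # e.g. "   i:CN = issuing CA"

def served_chain(text):
    # Return [(subject, issuer), ...] in the order the server sent them.
    chain, subject = [], None
    for line in text.splitlines():
        m = SUBJECT.match(line)
        if m:
            subject = m.group(2).strip()
            continue
        m = ISSUER.match(line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def diagnose(text):
    chain = served_chain(text)
    if not chain:
        return "no-certificate"   # handshake produced no server certificate
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "broken-order"  # each issuer should be the next subject
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        return "leaf-only"        # server sent the leaf without intermediates
    return "chain-served"
```

Feed it the saved output of the `s_client` command before and after rebuilding the keystore to confirm the served chain changed.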