Hello I recently installed jira 6.2.5 and added https support following the steps described here. The site seemed to be working fine (can log, and work), but the catalina.out log file is flooded with this kind of entries: httpclient-io:thread-2 ERROR anonymous [http.nio.protocol.HttpAsyncRequestExecutor] http-outgoing-2 [CLOSED] HTTP protocol exception: null java.nio.channels.ClosedChannelException at sun.nio.ch.SocketChannelImpl.ensureReadOpen(Unknown Source) at sun.nio.ch.SocketChannelImpl.read(Unknown Source) at org.apache.http.nio.reactor.ssl.SSLIOSession.receiveEncryptedData(SSLIOSession.java:340) at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:366) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118) at org.apache.http.impl.nio.reactor.BaseIOReactor.validate(BaseIOReactor.java:220) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:284) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604) at java.lang.Thread.run(Unknown Source) Once it starts it nevers stops, and keeps flooding the log till is GBs of size. I have to stop the service and delete the log. When I restart the service the same entries start to flood again the log.Before the flooding starts I have this entries in the log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem ... PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I thought i had a problem with the certificate ( It is self signed). I found in internet that when using a self signed certificate I had to make sure of two things: making sure the certificate common name matched the domain name (it does). Add the certificate to the list of trusted certificates. I did this using installCert: http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java But I still get the same errors. Any idea of how I could fix/troubleshoot this issue? I guess I have done something wrong when integrating apache + ssl + Jira but I cannot figure out where is the error. Any idea os how to solve this issue, or how to troubleshoot it more effectively?

Hi Jocar, The exception you have pasted is addressed by the article below: Unable to Connect to SSL Services due to PKIX Path Building Failed sun.security.provider.certpath.SunCertPathBuilderException Could you please check if the steps provided in the document above help to resolve these errors? Cheers, Danilo

Community
Q&A
Jira
Questions
logs flooded with ssl errors

Unable to assign an item to a user, but it worked previously.

We were doing our sprint planning yesterday and we were unable to assign tasks to a user. This developer has been in our system for 6+ months and we have been assigning work to them regularly.

They are in the system under the admin console. In Jira when I search people, they do not appear. This person can get into jira and can even assign themselves to the task. NOTHING has changed on our end. This is cloud hosted.

Any suggestions?

1 answer

1 accepted

0 votes

Answer accepted

Hi Jocar,

The exception you have pasted is addressed by the article below:

Unable to Connect to SSL Services due to PKIX Path Building Failed sun.security.provider.certpath.SunCertPathBuilderException

Could you please check if the steps provided in the document above help to resolve these errors?

Cheers,

Danilo

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hello Danilo,

I 'd like to try the method described in the link you provided, but I am stuck at step one: importing the certs into the java keystore. I went to this section:

If you're unable to install Portecle on the server or prefer the command line please see ourCommand Line Installation section below.

But it leads me to a n EMPTY section !?

Please, could you clarify how could I import the certs using the CLI? I am conecting to a remote server with no X System whatsoever.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Jocar,

That's rather strange - the section should not be empty and I was also able to browse it accessing the link below:

https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services#ConnectingtoSSLservices-commandline

I have copied the commands provided in that section below for your convenience. Please make sure to replace the JAVA_HOME for JIRA's JAVA_HOME path.

Cheers,

Danilo

----

Command Line Installation

1. Fetch the certificate, replacing google.comwith the FQDN of the server JIRA is attempting to connect to:

$ openssl s_client -connect google.com:443 &lt; /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' &gt; public.crt

2. Import the certificate:

&lt;JAVA_HOME&gt;/keytool -import -alias &lt;server_name&gt; -keystore &lt;JAVA_HOME&gt;/lib/security/cacerts -file public.crt

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Danilo,

I tried the provided commands but now I am facing this error in the second step:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Command I used:

/opt/atlassian/jira/jre/bin/keytool-import-aliasmyserver.com-keystore /opt/atlassian/jira/jre/lib/security/cacerts-file /etc/pki/tls/certs/myserver.com.crt

Basically I got a problem when the previous command asks me for a passwd that I have no set. Since I do not remember to have generated a keytore (maybe the JAVA bundled with JIRA ships wth one?), I tried creating a new one using the info I found in this atlassian site Running Jira over SSl:

keytool -genkey -alias myserver.com -keyalg RSA -keystore /opt/atlassian/jira/jre/bin/myserver.com.jks

The I tried to run again the import command but I got the same error.

Could you help me with this one, please?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thank you very much. I followed those steps and so far no more SSLEngine errors :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Unable to assign an item to a user, but it worked previously.

1 answer

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events