How can I resolve a ManifestNotFoundException trying to set up Application Links

Jason Horn October 12, 2015

I am currently getting a ManifestNotFoundException when I attempt to create an Application Link between JIRA and Confluence:

 

2015-10-12 14:58:30,011 http-bio-8080-exec-22 ERROR jiralocaladmin 898x343x1 zcyxmz 10.212.134.1,0:0:0:0:0:0:0:1 /rest/applinks/2.0/applicationlinkForm/manifest.json [core.rest.ui.CreateApplicationLinkUIResource] ManifestNotFoundException thrown while retrieving manifest
com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

 

I have tried suggestions on the following linked pages with no luck:

The first link suggests that I can circumvent the inner SSLHandshakeException by adding "-Dhttps.protocols=TLSv1.1,TLSv1.2" to my java arguments.  I accomplished this by adding the arguments to my "JVM_SUPPORT_RECOMMENDED_ARGS" variable in the JIRA_INSTALLATION/bin/setenv.sh script.  

After I do this, the inner exception changes from an SSLHandshakeException to a ValidatorException:

 

2015-10-12 14:36:34,622 http-bio-8080-exec-20 ERROR jiralocaladmin 876x97x1 1fxu6if 10.212.134.1,0:0:0:0:0:0:0:1 /rest/applinks/2.0/applicationlinkForm/manifest.json [core.rest.ui.CreateApplicationLinkUIResource] ManifestNotFoundException thrown while retrieving manifest
com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I have tried almost everything under the sun to fix this, but am having no luck!  The SSLPoke class suggested in the second link comes back with the following message:

Successfully connected

NOTE:  I am running Confluence (5.6.1) and JIRA (6.3.6) with Java 1.8.0_u60 on the same server under Apache / SSL on RHEL 6.

Any thoughts or suggestions would be GREATLY appreciated!  Lost 5+ hours to this today.

2 answers

0 votes
Jason Horn October 12, 2015

Thanks for your response David!

I am using a Cert that has been signed by a Corporate CA.  This will not be a publicly accessible site, so no Publicly Signed Cert, sorry.

I verified that SSLPoke is being executed by the same java as what was listed in JIRA's System Information -> java.home property:

JDK_HOME/jre/

I verified that the cert is installed in the same Java keystore:

JDK_HOME/jre/bin/keytool -list -v -alias jira -keystore ../lib/security/cacerts

I restarted JIRA after importing.  Any other thoughts?

Dave C
Atlassian Team
October 12, 2015

Have you got an outbound HTTPS proxy that's being used in JIRA? It could potentially be doing something with certificates that's causing problems - you could bypass it with the nonProxyHosts. Or better yet, create an unproxied applink (i.e. bypass SSL completely, this is OK for internal networks) as per https://confluence.atlassian.com/display/KB/How+to+create+an+unproxied+Application+Link

0 votes
Dave C
Atlassian Team
October 12, 2015

The "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)" error means that the version of Java you're trying to connect with to the target endpoint is not supported by the protocol / ciphers that are available.

When you edited the protocols, this went from a ManifestNotFoundException to SunCertPathBuilderException, as the protocols were then supported, however the certificate then sounds like it wasn't in the trust store of the Java version being used. For Java to connect to something encrypted it needs to know it's running a trusted certificate.

Are you using self-signed or publicly signed CA certs? You can get a CA signed cert for $5 a year from certain sites and this is much more secure than a self-signed certificate, and it also means you don't need to go messing around with the trust store to get things working (specifically importing certificates into cacerts).

If SSLPoke is working but Java is not, it's likely that you may be using a different version of Java to test SSLPoke than is used to run JIRA - you can verify this by checking the java.home in the System Properties in JIRA, and compare that to the path of Java running SSLPoke.

I'd suggest checking that the certificate exists in the Java trust store of JIRA, and that you're using the same version to test SSLPoke as JIRA is running. Also after importing a cert you need to restart JIRA as the trust store is cached in memory.
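
An added example, not part of the answer above and not Atlassian's SSLPoke: a small Java diagnostic for the check that answer describes. It prints the java.home, protocol settings and trust store the running JVM actually resolves, then looks up a certificate alias in that store. The class name TrustStoreCheck is hypothetical, and the password falls back to the stock cacerts default.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLContext;

// Added diagnostic: run it with the exact java binary and the same -D arguments
// that JIRA uses, e.g.  java <JIRA's -D args> TrustStoreCheck jira
public class TrustStoreCheck {
    // JSSE default lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File effectiveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return new File(explicit);
        File security = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(security, "jssecacerts");
        return jsse.exists() ? jsse : new File(security, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home       = " + System.getProperty("java.home"));
        System.out.println("https.protocols = " + System.getProperty("https.protocols", "(not set)"));
        String[] protocols = SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
        System.out.println("default TLS     = " + Arrays.toString(protocols));

        File store = effectiveTrustStore();
        System.out.println("trust store     = " + store.getAbsolutePath());
        // "changeit" is the stock cacerts password; override it if yours was changed.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, pass.toCharArray());
        }
        int shown = 0;
        // With an alias argument, show only that entry; otherwise list every certificate.
        for (String alias : Collections.list(ks.aliases())) {
            if (args.length > 0 && !alias.equalsIgnoreCase(args[0])) continue;
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.printf("%s%n  subject=%s%n  issuer =%s%n  expires=%s%n", alias,
                        c.getSubjectX500Principal(), c.getIssuerX500Principal(), c.getNotAfter());
                shown++;
            }
        }
        if (shown == 0) System.out.println("no matching certificate entry in this trust store");
    }
}
```

If the java.home or trust store path printed here differs from what JIRA's System Information page shows, the certificate was imported into a store that JIRA does not read.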
