Our environment requires mutual client/server authentication. There are times when Jira reaches back to itself to get information. One of these is when you go to add gadgets and it calls to get information of them, another is during the healthcheck when the baseurl is said to be bad.
We are using the following variables in our installation for the certificates:
As of Jira 7.4.3, Jira's implementation of both of these uses the HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder). In order for the HttpClientBuilder to supportthe keyStore and keyStorePassword variables the "useSystemProperties()" needs to be called during it's setup. For some reason without specifying this, only some of the variables are supported like the trustStore/trustStorePassword variables.
Jira's implementation of the gadget plugin (atlassian-gadgets-opensocial-plugin v4.2.21) and the healthcheck plugin (plugin-jira v1.0.2 previously jira-healthcheck-plugin) does not use the "useSystemProperties()" method when building the HttpClient. This prevents the keystore being loaded in needed for client authentication. (Apparently the truststore is loaded in regardless, but that is a separate issue.)
Due to this, when the server tries to authenticate back to itself it does not provide it's certificate and the connection is rejected. Therefore you get the "__MSG_gadget.activity" gadget names and invalid baseurl message from the health check plugin.
After taking down the two jar source files and inserting the line:
After line 77 (where the httpClientBuilder is intialized) in the com.atlassian.troubleshooting.jira.healthcheck.support.BaseUrlHealthCheck class.
and After line 104 (where the httpClientBuilder is intialized) in the com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher class.
and then repackaging and redeploying the jars to our server, everything is fixed. This is too tedious to do on every update though.
I have seen similar issues on Atlassian's website on how to fix this issue, but none pointing to this solution. Typically it refers to a misconfiguration of the server Jira is deployed on which is not the case here. Would like to request this fix be applied to these classes where the HttpClientBuilder is used.
If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot