Our environment requires mutual client/server authentication. There are times when Jira reaches back to itself to get information. One of these is when you go to add gadgets and it calls to get information of them, another is during the healthcheck when the baseurl is said to be bad.
We are using the following variables in our installation for the certificates:
As of Jira 7.4.3, Jira's implementation of both of these uses the HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder). In order for the HttpClientBuilder to supportthe keyStore and keyStorePassword variables the "useSystemProperties()" needs to be called during it's setup. For some reason without specifying this, only some of the variables are supported like the trustStore/trustStorePassword variables.
Jira's implementation of the gadget plugin (atlassian-gadgets-opensocial-plugin v4.2.21) and the healthcheck plugin (plugin-jira v1.0.2 previously jira-healthcheck-plugin) does not use the "useSystemProperties()" method when building the HttpClient. This prevents the keystore being loaded in needed for client authentication. (Apparently the truststore is loaded in regardless, but that is a separate issue.)
Due to this, when the server tries to authenticate back to itself it does not provide it's certificate and the connection is rejected. Therefore you get the "__MSG_gadget.activity" gadget names and invalid baseurl message from the health check plugin.
After taking down the two jar source files and inserting the line:
After line 77 (where the httpClientBuilder is intialized) in the com.atlassian.troubleshooting.jira.healthcheck.support.BaseUrlHealthCheck class.
and After line 104 (where the httpClientBuilder is intialized) in the com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher class.
and then repackaging and redeploying the jars to our server, everything is fixed. This is too tedious to do on every update though.
I have seen similar issues on Atlassian's website on how to fix this issue, but none pointing to this solution. Typically it refers to a misconfiguration of the server Jira is deployed on which is not the case here. Would like to request this fix be applied to these classes where the HttpClientBuilder is used.
Thank you for raising this issue. I have created the Suggestion on your behalf and you can find it at JRASERVER-65887. Please vote on the issue to add impact and you'll be notified of any changes to the ticket.
Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG