Connect JIRA Service Desk to MS SQL using Force Encryption

Hi all,

I am using JIRA Service Desk 3.5.0 and I am trying to connect to my MS SQL Server using Force Encryption. JIRA Service Desk is installed as a service on the same server as MS SQL.

The problem is that JSD doesn't connect to MS SQL when I activate Force Encryption, and my company requires me to enable "Force Encryption".

Can you help me to solve the problem?

Thanks a lot and best regards,

Ali

3 answers

0 votes

How are you enabling the encryption in the Tomcat SQL driver?

I didn't. I just activated Force Encryption in MS SQL and saw that I couldn't start JIRA Service Desk anymore.

So you told your database to accept only encrypted connections but did not tell the database user (The Tomcat running JIRA) to encrypt anything. 

You'll need to work out how to tell Tomcat to use encryption for the jtds driver.

I am sorry, I didn't know that I have to configure Tomcat. I am new to all these things. I will try to solve the problem and give my feedback. Thank you!

If anyone can help me with the configuration I would appreciate it.

 

I changed the jtds-1.3.1.jar to be able to connect with Force Encryption on with TLSv1.2 and changed the server.xml connector like this:

<Connector port="8081"
     maxHttpHeaderSize="8192"
     maxThreads="150"
     minSpareThreads="25"
     connectionTimeout="20000"
     enableLookups="false"
     protocol="HTTP/1.1"
     useBodyEncodingForURI="true"
     redirectPort="8443"
     acceptCount="100"
     proxyName="xxxxx.de"
     proxyPort="443"
     scheme="https"
     disableUploadTimeout="true"
     SSLEnabled="true"
     useCipherSuitesOrder="true"
     sslProtocol="TLSv1.2"
     sslEnabledProtocols="TLSv1.2"
     secure="true"
     clientAuth="false"
     />

I also changed the dbconfig.xml (ssl=true), but unfortunately I can't connect to JIRA via browser. The atlassian.log is saying this:

**********************************************************************************
    JIRA 7.3.6 build: 73017 started. You can now access JIRA through your web browser.
    **********************************************************************************

but I just can't connect to JIRA.

Can you help me one more time?

Regards,

Ali El Banna

I have now configured the dbconfig.xml with ssl=true and replaced the jtds-1.3.1.jar file with another one to be able to do the SSLHandshake with TLSv1.2. I also wrote the following in the connector:

<Connector port="8081"
   maxHttpHeaderSize="8192"
   maxThreads="150"
   minSpareThreads="25"
   connectionTimeout="20000"
   enableLookups="false"
   protocol="HTTP/1.1"
   useBodyEncodingForURI="true"
   redirectPort="8443"
   acceptCount="100"
   proxyName="xxxxx"
   proxyPort="443"
   scheme="https"
   disableUploadTimeout="true"
   SSLEnabled="true"
   useCipherSuitesOrder="true"
   sslProtocol="TLSv1.2"
   sslEnabledProtocols="TLSv1.2"
   secure="true"
   clientAuth="false"
   />

I think the connection is now being established successfully, but there is a problem while starting the plug-ins, as you can see in the following excerpt from the Atlassian log:

2017-07-07 09:50:45,694 xxxxxx.de-startStop-1 INFO      [c.a.jira.startup.JiraHomeStartupCheck] The jira.home directory 'I:\Program Files\Atlassian\Application Data\JIRA' is validated and locked for exclusive use by this instance.
2017-07-07 09:50:45,798 JIRA-Bootstrap INFO      [c.a.jira.startup.JiraStartupLogger] 
    
    ****************
    JIRA starting...
    ****************
    
.
.
.

**********************************************************************************
    JIRA 7.3.6 build: 73017 started. You can now access JIRA through your web browser.
    **********************************************************************************
    
.
.
.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
 at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
 at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
 at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
 at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
 at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
 at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
 at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
 at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
 at com.atlassian.jira.plugins.healthcheck.support.BaseUrlHealthCheck.doCheck(BaseUrlHealthCheck.java:52)
 at com.atlassian.jira.plugins.healthcheck.support.AbstractSupportHealthCheck.check(AbstractSupportHealthCheck.java:23)
 at com.atlassian.support.healthcheck.impl.PluginSuppliedSupportHealthCheck.check(PluginSuppliedSupportHealthCheck.java:41)
 at com.atlassian.support.healthcheck.thread.HealthCheckCallable.call(HealthCheckCallable.java:32)
 at com.atlassian.support.healthcheck.thread.HealthCheckCallable.call(HealthCheckCallable.java:15)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
 at sun.security.validator.Validator.validate(Validator.java:260)
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
 ... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
 ... 35 more
2017-07-07 09:53:38,104 Caesium-1-1 WARN      [c.a.a.c.hash.reader.RemoteHashingInstructionsReader] Unable to read remote instructions with key 'uid.onewayhash'.
2017-07-07 09:53:38,104 Caesium-1-1 WARN      [c.a.a.client.hash.BcryptAnalyticsEmailHasher] No instructions for hashing could be found.
2017-07-07 09:53:38,519 hipchat-plugin-tasks-executor-0 DEBUG      [c.a.activeobjects.osgi.ActiveObjectsServiceFactory] getService bundle [com.atlassian.plugins.base-hipchat-integration-plugin-api]
2017-07-07 09:54:04,885 SupportHealthCheckThread-2 WARN ServiceRunner     [c.a.j.p.healthcheck.util.SupportEolCheckUtil] Not able to retrieve the JIRA version information from MPAC
2017-07-07 09:54:04,885 SupportHealthCheckThread-2 ERROR ServiceRunner     [c.a.j.p.healthcheck.support.EolSupportHealthCheck] An error occurred when performing the EOL check, see the exceptions for more info
org.apache.http.conn.HttpHostConnectException: Connect to marketplace.atlassian.com:443 [marketplace.atlassian.com/104.192.142.45, marketplace.atlassian.com/104.192.142.44, marketplace.atlassian.com/104.192.142.43] failed: Connection timed out: connect
.
.
.
... 20 more
2017-07-07 10:51:38,331 Caesium-1-1 DEBUG ServiceRunner [c.a.activeobjects.osgi.ActiveObjectsServiceFactory] getService bundle [com.atlassian.plugins.authentication.atlassian-authentication-plugin]
2017-07-07 10:53:01,495 SupportHealthCheckThread-6 ERROR ServiceRunner [c.a.j.p.healthcheck.support.BaseUrlHealthCheck] An error occurred when performing the Base URL healthcheck: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
 at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
 at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
 at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
 at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
 at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
 at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
 at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
 at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
 at com.atlassian.jira.plugins.healthcheck.support.BaseUrlHealthCheck.doCheck(BaseUrlHealthCheck.java:52)
 at com.atlassian.jira.plugins.healthcheck.support.AbstractSupportHealthCheck.check(AbstractSupportHealthCheck.java:23)
 at com.atlassian.support.healthcheck.impl.PluginSuppliedSupportHealthCheck.check(PluginSuppliedSupportHealthCheck.java:41)
 at com.atlassian.support.healthcheck.thread.HealthCheckCallable.call(HealthCheckCallable.java:32)
 at com.atlassian.support.healthcheck.thread.HealthCheckCallable.call(HealthCheckCallable.java:15)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
 at sun.security.validator.Validator.validate(Validator.java:260)
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
 ... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
 ... 35 more
.
.
.
Caused by: java.net.ConnectException: Connection timed out: connect
 at java.net.DualStackPlainSocketImpl.connect0(Native Method)
 at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
 at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
 at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
 at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
 at java.net.Socket.connect(Socket.java:589)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:337)
 at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
 ... 20 more

but I can't connect to Jira through browser.

Can someone help me?

Thanks,

Ali

>but I can't connect to Jira through browser.

That's because it is not starting.  The errors you see in the logs are preventing it. 

If I remember it right, then that error means your Certificate Authority doesn't trust your certificates.  https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html might help explain it a bit more.

I deleted it because of duplicate
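
Added example, not part of the original thread: a short Python triage of the log format posted above. For each failed event it reports which logger raised it, whether the failure is certificate trust (PKIX) or a plain connect timeout, and whether the socket was opened by the jTDS database driver or by an HTTP client. The sample input is abridged from the thread's log; the function name `triage` and the labels it returns are names chosen for this example.

```python
import re

# Constructed sample: events abridged from the log posted in this thread (frames trimmed).
SAMPLE_LOG = """\
2017-07-07 09:54:04,885 SupportHealthCheckThread-2 ERROR ServiceRunner     [c.a.j.p.healthcheck.support.EolSupportHealthCheck] An error occurred when performing the EOL check, see the exceptions for more info
org.apache.http.conn.HttpHostConnectException: Connect to marketplace.atlassian.com:443 failed: Connection timed out: connect
 at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
Caused by: java.net.ConnectException: Connection timed out: connect
 at java.net.Socket.connect(Socket.java:589)
2017-07-07 10:53:01,495 SupportHealthCheckThread-6 ERROR ServiceRunner [c.a.j.p.healthcheck.support.BaseUrlHealthCheck] An error occurred when performing the Base URL healthcheck: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
 at com.atlassian.jira.plugins.healthcheck.support.BaseUrlHealthCheck.doCheck(BaseUrlHealthCheck.java:52)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
"""

EVENT = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} \S+ +(\w+) .*?\[([\w.]+)\]")
FRAME = re.compile(r"^\s+at ([\w.$<>]+)\(")
# Frame prefixes that tell which client opened the socket (jTDS = the database driver).
CLIENTS = (("net.sourceforge.jtds.", "jtds-database-driver"), ("org.apache.http.", "apache-http-client"))

def triage(log_text):
    """Return one dict per failed event: who logged it, why it failed, which client did it."""
    events = []
    for line in log_text.splitlines():
        header = EVENT.match(line)
        if header:
            events.append({"level": header.group(1), "logger": header.group(2),
                           "kind": "other", "client": "unknown", "root_cause": None})
        if not events:
            continue  # text before the first timestamped line has no owner
        ev, frame = events[-1], FRAME.match(line)
        if "PKIX path building failed" in line or "unable to find valid certification path" in line:
            ev["kind"] = "untrusted-certificate"   # JVM trust store cannot chain the server cert
        elif "Connection timed out" in line and ev["kind"] == "other":
            ev["kind"] = "connect-timeout"         # TCP never connected; not a TLS problem
        if line.startswith("Caused by: "):
            ev["root_cause"] = line[len("Caused by: "):].split(":")[0]
        elif frame and ev["client"] == "unknown":
            ev["client"] = next((n for p, n in CLIENTS if frame.group(1).startswith(p)), "unknown")
    return [e for e in events if e["kind"] != "other"]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e)
```

On the sample, both events are raised by health-check loggers and carry Apache HttpClient frames; neither contains a `net.sourceforge.jtds` frame.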
