
Cannot get SSL certificate to validate

ICT October 19, 2022

I have been trying for about a week or so to get our Jira Service desk instance to have a valid SSL certificate and now I'm reaching the end of my tether!

I've managed to get Jira to work over HTTPS so the SSL guide has worked. However, Chrome is showing that the certificate is not valid and therefore I cannot get OAuth 2.0 to work in order to get out/inbound emails from Office365. From the tests I have run (using SSLPoke.class and Portecle) everything is configured and can communicate... it's just the invalid certificate that is stopping Jira and Office365 talking.

We have a wildcard certificate (*.domain.org.uk) that we use for many systems/services. I've added it to multiple Java keystores as we have JDK, JRE and the inbuilt JRE installed. I've created a keystore using Portecle as per the SSL configuration guide and added this wildcard certificate. I've pointed Jira/Tomcat to use the non-built-in versions of JDK and JRE but this just returns a 503 error page - I have to roll back changes to a restore point as repointing to the original version doesn't rectify this.

I've also tried using a self-signed certificate (ending at step 13 of the guide). I've tried changing the alias to the wildcard name and the local server name. I've exported a certificate from Microsoft (there was something somewhere about testing the connection and then exporting from there). I've added all the certificates to the .jks file and tried them on their own.

I've changed and checked settings via config.bat, Tomcat9 and in server.xml. I've removed everything I did and started from scratch. I've updated Java. I've updated to the latest Jira Core and Service Desk. I've updated all our managed apps (of what is available). I've checked for other apps that could help manage the OAuth 2.0. I've added certificates to local machines (at least the ones I'm testing on). I've cleared caches in Chrome and in Tomcat (the Catalina and plugin folders).

I've not tried getting a CA signed certificate as it is only a local installation - the only connection to the internet/outside world is the email requests and replies (the portal can only be accessed when on-site or using our remote desktop).

This seems to be the only thing that is stopping us from communicating with our users from Jira via email. We are currently having to manage all incoming tickets via our mailbox directly and nothing is being tracked in our ticket system.

Please help. I'm so tired now. 

1 answer

1 vote
Artur Moura
Atlassian Team
October 20, 2022

Hi @ICT

Sorry to hear you are facing an issue while trying to implement SSL in Jira.

Thanks for the detailed information about the issue btw.

As per your description, I would bet the certificate used by Jira is not exporting the full chain, which contains the root and intermediate CAs.

With that said, since you have a wildcard certificate, I'll assume that you have a PFX file, so I would recommend you follow this "How to run JIRA over HTTPS with a Personal Information Exchange (PFX) Certificate" KB and use it, instead of creating the Java KeyStore.

Please let us know your thoughts.
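
One way to check a keystore for the missing-chain condition the answer describes, as an added example that is not part of the original thread or of Atlassian's documentation: the Python below reads `keytool -list -v` output and reports, per alias, whether the entry holds a private key and whether its chain runs up to a self-signed root. The sample listing, its aliases and its CA names are constructed, and the check compares Owner/Issuer strings rather than verifying signatures.

```python
import re

# Constructed, trimmed sample of `keytool -list -v` output; aliases and CA names are made up.
SAMPLE = """\
Alias name: jira
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=*.domain.org.uk
Issuer: CN=Example Issuing CA, O=Example Trust
Alias name: wildcard-import
Entry type: trustedCertEntry
Owner: CN=*.domain.org.uk
Issuer: CN=Example Issuing CA, O=Example Trust
Alias name: fullchain
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=*.domain.org.uk
Issuer: CN=Example Issuing CA, O=Example Trust
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example Trust
Issuer: CN=Example Root CA, O=Example Trust
Certificate[3]:
Owner: CN=Example Root CA, O=Example Trust
Issuer: CN=Example Root CA, O=Example Trust
"""

def audit_keystore(listing):
    """Return {alias: verdict}; compares Owner/Issuer DN strings, not signatures."""
    verdicts = {}
    for block in listing.split("Alias name: ")[1:]:
        alias = block.splitlines()[0].strip()
        kind = re.search(r"^Entry type: (\S+)", block, re.M)
        chain = list(zip(re.findall(r"^Owner: (.+)$", block, re.M),
                         re.findall(r"^Issuer: (.+)$", block, re.M)))
        if not kind or kind.group(1) != "PrivateKeyEntry":
            verdict = "no private key, cannot be the server certificate"
        elif not chain or any(a[1] != b[0] for a, b in zip(chain, chain[1:])):
            verdict = "chain missing, broken or out of order"
        elif chain[-1][0] != chain[-1][1]:  # top of chain is not self-signed
            verdict = "incomplete, missing issuer: " + chain[-1][1]
        else:
            verdict = "self-signed" if len(chain) == 1 else "full chain ending at a root"
        verdicts[alias] = verdict
    return verdicts

if __name__ == "__main__":
    print("\n".join("%s: %s" % kv for kv in audit_keystore(SAMPLE).items()))
```

An entry reported as incomplete names the issuer certificate that still has to be added to that key entry's chain.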

DEPLOYMENT TYPE
SERVER