Hi,
I'm trying to connect JIRA service management to an inbox using IMAPS. Whenever i try to connect (through project settings -> e-mail requests, using the correct credentials) i get the following error:
Received fatal alert: handshake_failure
If i try to set up an e-mailserver it seems to work. Trying to test the configuration of an e-mailhandler however gives this error:
javax.mail.MessagingException: Received fatal alert: handshake_failure while connecting to host 'blabla' as user 'servicedesk@yadayada.com' via protocol 'imaps, caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Usually i would add the ssl certificate to the java keystore and try again. Problem is, we use JIRA service management as SaaS, so i don't think we have access to this java keystore.
Does anyone have any ideas on how to fix this?
Kind regards,
KJ
Hi Kees-Jan,
I'm afraid you can't connect to a service using a self-signed or in-company CA certificate in Atlassian Cloud.
This can be read on Configuring Jira applications to receive email from a POP or IMAP mail server.
Are you able to replace your mail server's certificate signed by a public CA?
Hi Charlie,
Thanks for checking out this problem and replying. I did overlook this particular potential issue. However, i double checked and i'm not using a self signed certificate/in-company CA certificate, so i guess this shouldn't be a problem :)
Do you have any other ideas?
Kind regards,
Kees-Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well that's odd.
Do you use an on premise / self managed email server? Perhaps something is wrong with its key chain? A missing intermediate certificate for example.
To identify those types of issues I often the openssl command like:
openssl s_client -connect <hostname>:<port>
You can find similar websites on the we doing those checks for you. Example: www.sslshopper.com but I'm not sure whether it supports custom ports.
Or if you are using a SaaS mail solution like Office 365, Gmail, Hotmail, this is out of your league and I would suggest contacting Atlassian Support instead.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The certificate is signed by Sectigo:
$ openssl s_client -connect <hostname>:443
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = <hostname>
verify return:1
---
Certificate chain
0 s:CN = <hostname>
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
---
Maybe related to https://jira.atlassian.com/browse/JRACLOUD-76343
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well indeed, that's definitely related. And not much to do about it apparently.
You could contact support to make sure this is the issue you're dealing with .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, apparently not. Too bad, we'll have to try something different than..
Thanks for your input, Charlie!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.