I am setting up Jira on a CentOS 7 EC2 instance in AWS using RDS (5.7 with TLS) as the backend database.
The installer failed with the following error:
This MySQL instance is not properly configured. Please follow the documentation for MySQL 5.7 setup.
I have added the Amazon RDS CA Cert into the jira keystore using the following command:
/opt/atlassian/jira/jre/bin/keytool -import -alias mysqlclientcertificate -keystore /opt/atlassian/jira/jre/lib/security/cacerts -file rds-ca-2019-root.pem
catalina.out reports the following still:
Mon Sep 21 11:27:24 PDT 2020 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
Can someone from Atlassian help with the following:
Bonus points for:
@David Cahill can you check the below link may be this will help to fix your issue.
I see that you are trying to setup Jira to use a MySQL database, but with SSL/TLS encryption. It is possible for you to setup the dbconfig.xml before Jira starts, I think that is going to be the best option in your case here.
That can be done a few different ways. While the Jira Config Tool is one of my favorite utilities for setting up a Jira install, it is not exactly made for this kind of configuration. That said I think you could use this just to first generate a template for the dbconfig.xml file. Try using config tool, and selecting the database type, and try to fill out all the details as best you can there, then save the configuration, and exit the utility. From there, I think it would be best to then manually edit the $JIRAHOME/dbconfig.xml file in order to adjust the connection string to use the 'useSSL=true' setting.
Alternatively, you can just copy the Sample dbconfig.xml file found on Connecting Jira applications to MySQL 5.7 and make the adjustments to that file.
Either way you choose to make these changes, you just need to make sure that Jira is stopped before you create/edit the dbconfig file. From there you can save that .xml file and then start Jira again.
While the setup wizard can be used to configure the database connection for you, the setup wizard is not designed to configure SSL connections to a database at this time. When Jira starts up and it finds an existing dbconfig file, it will attempt to use those settings for the database in question.
If that database can be connected to, and is found to be empty, Jira's setup wizard will still continue, you just won't be prompted to enter any database connection details. If you see the database connection details in the setup wizard it means that the dbconfig.xml file is empty when Jira started.
If the database cannot be connected to, then you might see some errors in the setup wizard when this happens. If that happens, I'd want to consult the $JIRAINSTALL/logs/catalina.out file to see more details about what that error is.
Try those steps. If Jira cannot connect to the database while the dbconfig.xml is setup to use the SSL connection, then we might also need to walk through the troubleshooting steps on Unable to connect to SSL services due to "PKIX Path Building Failed" error. That page has an addition utility called SSLpoke.class which can be used to try to verify if the Java on that system does indeed have all the certificates needed to connect to the address tested.
Let me know the results.
We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan. &nb...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events