Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

This MySQL instance is not properly configured. WARN: Establishing SSL connection without server's Edited

I am setting up Jira on a CentOS 7 EC2 instance in AWS using RDS (5.7 with TLS) as the backend database.

The installer failed with the following error:

This MySQL instance is not properly configured. Please follow the documentation for MySQL 5.7 setup.

I have added the Amazon RDS CA Cert into the jira keystore using the following command:

/opt/atlassian/jira/jre/bin/keytool -import -alias mysqlclientcertificate -keystore /opt/atlassian/jira/jre/lib/security/cacerts -file rds-ca-2019-root.pem

catalina.out reports the following still:

Mon Sep 21 11:27:24 PDT 2020 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

Can someone from Atlassian help with the following:

  • How to solve my current problem during installation
  • I understand you can fix this post install by editing dbconfig.xml. However that doesn't help at all during the installation process and the install wizard is very limited in both error reporting and specifying options to fix this easily. Please don't tell me I need to start with an embedded DB and then migrate in order to fix this.

Bonus points for:

  • Tomcat communicating on port 80 and 443 without a proxy or iptables forwarding
  • Official documentation on setting up jira in AWS with EC2 and RDS (with TLS). This is a pretty common setup and I'm surprised there isn't official documentation on this.

2 answers

0 votes
Andy Heinzer Atlassian Team Sep 25, 2020

Hi David,

I see that you are trying to setup Jira to use a MySQL database, but with SSL/TLS encryption.  It is possible for you to setup the dbconfig.xml before Jira starts, I think that is going to be the best option in your case here.

That can be done a few different ways.  While the Jira Config Tool is one of my favorite utilities for setting up a Jira install, it is not exactly made for this kind of configuration.  That said I think you could use this just to first generate a template for the dbconfig.xml file.  Try using config tool, and selecting the database type, and try to fill out all the details as best you can there, then save the configuration, and exit the utility.  From there, I think it would be best to then manually edit the $JIRAHOME/dbconfig.xml file in order to adjust the connection string to use the 'useSSL=true' setting.

Alternatively, you can just copy the Sample dbconfig.xml file found on Connecting Jira applications to MySQL 5.7 and make the adjustments to that file. 

Either way you choose to make these changes, you just need to make sure that Jira is stopped before you create/edit the dbconfig file.  From there you can save that .xml file and then start Jira again.

While the setup wizard can be used to configure the database connection for you, the setup wizard is not designed to configure SSL connections to a database at this time.  When Jira starts up and it finds an existing dbconfig file, it will attempt to use those settings for the database in question. 

If that database can be connected to, and is found to be empty, Jira's setup wizard will still continue, you just won't be prompted to enter any database connection details.  If you see the database connection details in the setup wizard it means that the dbconfig.xml file is empty when Jira started.

If the database cannot be connected to, then you might see some errors in the setup wizard when this happens.  If that happens, I'd want to consult the $JIRAINSTALL/logs/catalina.out file to see more details about what that error is.

Try those steps.  If Jira cannot connect to the database while the dbconfig.xml is setup to use the SSL connection, then we might also need to walk through the troubleshooting steps on Unable to connect to SSL services due to "PKIX Path Building Failed" error.  That page has an addition utility called SSLpoke.class which can be used to try to verify if the Java on that system does indeed have all the certificates needed to connect to the address tested.

Let me know the results.

Andy

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

189 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you