Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Application links over https issue same machine

Miguel Angel Soriano October 3, 2019

Hi,

I have a big problem. I have migrated same machine (confluence,bitbucket and jira software). 3 installation independent.. I have bought 3 certificate in goddady. Everything working except application link.

 

The error is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I have imported certificates (root, intermediate, or crt of goddady) in truststore java (cacerts)

I have revised:

https://community.atlassian.com/t5/Confluence-questions/Configure-Application-Links-Confluence-to-Jira/qaq-p/1170329

https://community.atlassian.com/t5/Confluence-questions/Configure-Application-Links-Confluence-to-Jira/qaq-p/1170329

 

https://community.atlassian.com/t5/Confluence-questions/Application-links-over-https/qaq-p/747739

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html?_ga=2.222968606.407962812.1570019609-1636446632.1554721878

What can i do??

 

Many thanks

 

2 answers

1 accepted

0 votes
Answer accepted
Jack Nolddor _Sweet Bananas_
Atlassian Partner
October 3, 2019

Hi Miguel Angel,

 

Some thing to point out here:

  • You need to import the public part of related cert on the cacerts file used by your JVM for the other application as well. I mean, on Jira you must add the Confluence certs on the cacerts and viceversa.
  • After that, you need to reboot both applications
  • You can use the SSLPoke.class without reboot to see if you have added the certs correctly (see Diagnosis section)

 

Note that a SSLHandshakeException means that the certificates hasn't been added correctly or you forgot to reboot the application.

 

Regards

Miguel Angel Soriano October 3, 2019

Hi Jack,

thanks for you answer. I have used SSLPoke y everything is ok.. I use a UCC certificate (is the same certificate for 3 applications). I have rebooted the machine..

I don`t know what can i do more

 

 

 

 

Jack Nolddor _Sweet Bananas_
Atlassian Partner
October 3, 2019

Are you sure that your application is using the Java Runtine Enviroment located at C:\Program Files\Java\jre1.8.0_221 ?

If so:

Have you added the public part of the other application certificate OR the CA to the cacerts file located at C:\Program Files\Java\jre1.8.0_221\security\cacerts in both applications

I've supposed the certificate has been generated correctly but do you mind to try the HttpClientTest to check if there is any problem?

 

Regards

Miguel Angel Soriano October 4, 2019

Hi Jack,

First thanks so much for your help . I found the issue.. The problem was in the cacert.. Jira installed in windows use this path C:\Program Files\Atlassian\JIRA\jre\lib\security and I did the change in java_home (in my system was C:\Program Files\Java\jre1.8.0_221)

 

I have added the public part in the C:\Program Files\Atlassian\JIRA\jre\lib\security\cacert and everything is working.

It was my fault not say what operative system i had.

For detect the public part, i used this (https://support.cloudbees.com/hc/en-us/articles/217078498-PKIX-path-building-failed-error-message)

Thanks, I appreciate your help

Jack Nolddor _Sweet Bananas_
Atlassian Partner
October 4, 2019

You're welcome ;)

Did my answer solve your problem?

If so, consider to mark the proposed solution as an 'Accepted answer'. This will help other people with the same or a quite similar problem to find a solution in a easy and faster way. Otherwise, if you solve the problem in other way that hasn't been suggested in this thread yet, please consider to reply your original message to tell us what was the final solution to the problem, you can also mark your own reply as an 'Accepted answer'. 

In addition, by doing this the post will automatically gain the "Solved:" prefix in search results to indicate other people that no further support is needed.

Kind Regards.

Like Miguel Angel Soriano likes this
0 votes
Miguel Angel Soriano October 4, 2019

I have added the public part in the C:\Program Files\Atlassian\JIRA\jre\lib\security\cacert and everything is working.

It was my fault not say what operative system i had.

Suggest an answer

Log in or Sign up to answer