Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Certificate error

isimunovic@leveragedcm.com.au
isimunovic@leveragedcm.com.au September 11, 2017

Hi,

 

My Jira and Conflucne cant establish a link. Despite initally being configured and working.

 

I am getting the beneath error when looking at application links status.

 

 

 

The remote certificate can't be trusted

may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally.

 

 

Please help , I need to be able to embedd tables between conflucne and JIRA.

 

Regards, 

Answer
Watch
Like Be the first to like this
6783 views

1 answer

2 votes
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 11, 2017

I understand you are seeing an application links error indicating that the SSL certificates are not trusted between Confluence and Jira. 

To eliminate the error, it is necessary to make sure the certificate from each application is in the other application's Java truststore.There are instructions for finding the truststores and importing the certificates in this article: Connecting to LDAP or JIRA applications or Other Services via SSL

View More Comments
isimunovic@leveragedcm.com.au
isimunovic@leveragedcm.com.au September 11, 2017

Hi Ann, 

 

Apprecite the quick reply!

 

I see what you are hinting at. As both Jira and Confluence are on the same server using same Java, you think by enrolling the certificate and restarting both apps this will eliviate the issue?

 

Regards, 

Like
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 11, 2017

Yes, it should cause the applications to trust the SSLcertificates from each other. The trust store is different from the keystore from which the applications serve the SSL content.

You are correct that you will have to restart the applications to pick up the changes to the trust store.

Like
isimunovic@leveragedcm.com.au
isimunovic@leveragedcm.com.au September 11, 2017

Sounds good, will be in a position to action this later in the afternoon.

 

Will let you know how it goes.

Like
isimunovic@leveragedcm.com.au
isimunovic@leveragedcm.com.au September 12, 2017

Hi Ann, 

I carried out what you described above and got the following;.

1. When I ran  keytool -importcert -  <cert details>

I had a sucessfull import , cert showed up via the  -list commnad. 

Prior to running the command I ran;

export PATH=/opt/atlassian/jira/jre/bin

Restarted both apps and no result.

Still same error.

 

2. As i was reading the app error details, I found ( https://confluence.atlassian.com/display/APPLINKS052/SSL+and+application+link+troubleshooting+guide#SSLandapplicationlinktroubleshootingguide-location)

ie. that the default cert store was in fact in JAVA_HOME/jre/lib/security/cacerts.

 

So when I ran the command from 1. against the beneath -keystore I got prompted for a pw.. which I did not set, nor could guess;

 

[root@localhost bin]# keytool -list -keystore /opt/atlassian/jira/jre/lib/security/cacerts 

Enter keystore password:  

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

 

That is where I am at... 

Keen to hear suggestions and advice.

Like
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 12, 2017

It sounds like you are on the home stretch. The default trust store is <JAVA_HOME>/jre/lib/security/cacerts as you mentioned. The default password is usually "changeit" (without quotes). I am eager to hear whether the application links work after you complete the import procedure.

Like
AnnWorley
AnnWorley
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 12, 2017

Sounds like you are almost done. I am happy to hear you found the default trust store. The doc I linked does have the path as part of the keytool commands but you have to scroll to see it so I should have been clearer on that.

Please try the password, "changeit" (without quotes).

I am optimistic that the application links will work once you complete the import procedure.

Like
isimunovic@leveragedcm.com.au
isimunovic@leveragedcm.com.au September 13, 2017

Hi Ann!

 

The default password worked, 'changeit' , import was sucess full.

Now the error I am seeing is as following;

Invalid OAuth signature
We couldn't connect to LCM Confluence, possibly because that instance is behind a misconfigured proxy.
CloseTroubleshoot this problem

Is there anything specific here I should try; https://confluence.atlassian.com/display/APPLINKS052/OAuth+troubleshooting+guide#OAuthtroubleshootingguide-OAuthinvalidsig 

 

Let me know, I think we are close..

Like
Harish Tuccapuram
Harish Tuccapuram October 14, 2018

Im facing the same error, did anyone figure this out all of a sudden this stopped working running confluence on 6.9.0 version and JIRA 7.9.2.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events