Jira, Bitbucket and Confluence on Nginx https application link

Hi, I recently installed Jira, Bitbucket and Confluence all on the same server. All fine so far; all the application can link with one other. I then configured Nginx ( on a separate server ) and proxy the applications with a subdomain ( like jira.mydomain.com , bit.mydomain.com and confluence.mydomain.com ).

All fine and all the application links were working ok.

I then implemented https with a CA certificate, modified nginx accordingly and altered the server.xml files accordingly.

Now I can reach each application via https but the application links are broken ( I get an eeror message saying "The remote certificate can't be trusted".

Any suggestion ? 

1 answer

1 accepted

0 votes
Accepted answer

Hi Matteo,

Do you know what JVM version your applications are running under (6, 7, 8) and what CA your certificates are signed with?

The Java trust store doesn't contain root certificates for some CAs until Java 8 (GoDaddy for instance). This could be what's causing your issue! I couldn't find a comprehensive list of untrusted CAs, but it may involve adding an intermediary to root certificate to your chain in nginx. If you know your CA, I can probably help you through adding an intermediary if this is the problem and you'd like some assistance.

Hi Daniel,

I actually got the godaddy bundled certificate appended to the main crt provided and now all three are talking to each other. 

Thanks for the support.

Matteo

Cool - glad that worked for you! Would you be able to hit that small grey check mark to the left of the answer (marks the answer as accepted)? This helps us organize the content on Community and other users looking for an answer.
And for anybody else coming in off Google, here's what to do:

  1. Head over to GoDaddy's certificate store at https://certs.godaddy.com/repository
  2. Open/download the G2 with cross to G1 (including the root) - search the page for gd_bundle-g2-g1.crt to get the right file
  3. Append the text of the GoDaddy cert from step 2 into the .crt or .pem file (the public key) you've got configured in nginx. You can just paste the text from the cert below the existing text on a new line at the bottom of the file.
  4. Reload nginx

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Thursday in Jira Ops

I'm John Allspaw, Ask Me Anything about incident analysis and postmortems

I'm John Allspaw, co-founder of   Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...

5,377 views 21 17
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you