Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAP SSL Failed

Ian Carson
Ian Carson June 21, 2018

Hi,

I am trying to connect to my ad.domain.com and whenever the JIRA server tries to connect it throws an error about the SSL. I have gone through the steps online and have tried the SSLPoke tool  to see what is going wrong... I ran these two commands

/opt/atlassian/jira# $JAVA_HOME/bin/java SSLPoke ad.domain.com 443
Successfully connected
/opt/atlassian/jira# $JAVA_HOME/bin/java SSLPoke ad.domain.com 636
Successfully connected

And both connected without a problem. This is the error I get from JIRA...

Connection test failed. Response from the server:
ad.domain.com:636; nested exception is javax.naming.CommunicationException: ad.domain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Answer
Watch
Like Be the first to like this
6870 views

3 answers

0 votes
Alexander Pappert
Alexander Pappert
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 5, 2020

@kamrulhussain @Ian Stuart 

step 3 solved my Problem with SSL

https://confluence.atlassian.com/adminjiraserver0710/configuring-an-ssl-connection-to-active-directory-953144428.html 

View More Comments
Ian Stuart
Ian Stuart February 5, 2020

Thanks for responding! I tried this initially and it didn't work... I ended up moving our certs into a different directory, performing the above operation again, then rebooting. Then it worked.

Like
Reply
0 votes
Ian Carson
Ian Carson June 22, 2018

Those are the instructions I followed exactly. That's where the SSLPoke came from. As you can see, they are coming as Successfully Connected.

View More Comments
Ian Stuart
Ian Stuart January 7, 2020

Did you ever get this resolved? I'm running into the same issue.

Like
kamrulhussain
kamrulhussain January 22, 2020

Same, were you able to get the issue resolved? 

Like
Reply
0 votes
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 22, 2018

Hi Ian,

 

did you try to add the certificate into java cacert? Here a guide that could help you https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

 

Ciao,

Fabio

View More Comments
Ian Carson
Ian Carson June 22, 2018

I followed those instructions already, the keystore has my ssl. I don't quite know why it still fails. I am unsure if the JIRA install has it's own java instance it's using?

Like
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 22, 2018

If you are a JIRA Administrator, you can go to System-> System Info and find "java.home".

Based on this you will be sure that JIRA is using the jdk in which you need to install the correct cacert.

Hope this helps,

Fabio

Like
Ian Carson
Ian Carson June 22, 2018

It's using a local install of java. How can I make JIRA use the system JAVA installation?

Like
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 22, 2018

You need to setup it in <JIRA-HOME>/bin/setenv.sh (on linux) or <JIRA-HOME>/bin/setenv.bat (on windows)

Please, read the following instruction

https://confluence.atlassian.com/jirakb/how-to-use-a-jdk-or-jre-exclusively-on-jira-765594330.html

 

Ciao,

Fabio

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events