Unable to Connect to SSL Services due to PKIX Path Building Failed sun.security.provider.certpath.Su

Hi,

I see that you are getting this PKIX path building failed error.   Sorry to hear this, but this error is telling us that Jira is unable to see the certificate of the host that Jira is attempting to connect to.  There is a helpful KB on this problem over in Unable to connect to SSL services due to "PKIX Path Building Failed" error.

This error could be generated though in a couple of different ways, such as when Jira is trying to connect to an LDAP server, SMTP server, another application via application links, etc.  It can even happen when Jira might try to connect to itself over HTTPS.  Jira does expect to be able to reach its base URL address over the network from time to time.  If the Java truststore doesn't have the SSL Certificate of the destination site, you can see this error.

I would recommend stating with the diagnosis steps on this page.

1. Download SSLPoke.class

2. Execute the class as per the below, changing the URL and port appropriately. Take care that you are running the same Java as what Confluence is running with. If you used the installer you will need to use <confluence-home>/jre/java

   $JAVA_HOME/bin/java SSLPoke jira.example.com 443

If you run this from the machine Jira is running on, and you see the same pkix error, and you have $JAVA_HOME defined, then we have just recreated this same problem with the sslpoke.class using the same Java that Jira is likely using.  This is just a confirmation that we need to add the certificate to the Java truststore.  Steps to do that are in the kb How to import a public SSL certificate into a JVM.  

This guide explains a couple of different methods you can follow in order to add that certificate to the JVM truststore.

Please let me know if you have any questions about these steps.

Andy