Application Links over SSL with a PFX Cert

We are running both JIRA (v5.2.6) and Confluence (v5.3.1) over SSL. They are running on the same server, but using different IP addresses. We have the security constraint in our web.xml file to force https. Lastly we are using a PFX cert exported from IIS to access the sites (had to add a keystoreType attribute to specify that it's a PKCS12 file).

Our Application Links don't work. To test it, I removed the SSL constraint in the web.xml file and changed the Base URLs to http://, and it worked. So it's just the SSL configuration that is messing things up.

I found this JIRA KB article (https://confluence.atlassian.com/display/JIRAKB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed+sun.security.provider.certpath.SunCertPathBuilderException) that tells how to make it work, but they are using Java keystores.

Two questions:

1. Has anyone successfully set up Application Links over SSL?

2. Is it possible to do it without using Java keystores?

I have a ticket out with Atlassian Support, but he's saying that they don't actually support Application Links over SSL, that I should either set it up over http, or check Atlassian Answers for further help.

2 answers

1 accepted

1 vote
Accepted answer

Nick,

Thanks for your response. We ended up finding a solution. I THINK it's the same as what you're suggesting. We had to basically take the Root CA cert portion of our PFX file (I'm no certificate expert) and save it as its own .crt file (I think we used OpenSSL). Then we imported that into the default Java keystore (%JAVA_HOME%/jre/lib/security/cacerts).

Again, I'm a cert novice, so I don't have full understanding as to why that worked. Does it sound like I over-complicated it?

~Mike

Hi,

We had this same issue.

In the end we had to make sure that the certificates were in the application directory keystores as well. e.g. Confluence/jre/security along with the base JRE directory as specfified in JAVA_HOME

We also found that you needed the domain and server certificates in the keystores.

Hope that helps

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,314 views 12 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you