Application Links over SSL with a PFX Cert

Network Administrator January 13, 2014

We are running both JIRA (v5.2.6) and Confluence (v5.3.1) over SSL. They are running on the same server, but using different IP addresses. We have the security constraint in our web.xml file to force https. Lastly we are using a PFX cert exported from IIS to access the sites (had to add a keystoreType attribute to specify that it's a PKCS12 file).

Our Application Links don't work. To test it, I removed the SSL constraint in the web.xml file and changed the Base URLs to http://, and it worked. So it's just the SSL configuration that is messing things up.

I found this JIRA KB article (https://confluence.atlassian.com/display/JIRAKB/Unable+to+Connect+to+SSL+Services+due+to+PKIX+Path+Building+Failed+sun.security.provider.certpath.SunCertPathBuilderException) that tells how to make it work, but they are using Java keystores.

Two questions:

1. Has anyone successfully set up Application Links over SSL?

2. Is it possible to do it without using Java keystores?

I have a ticket out with Atlassian Support, but he's saying that they don't actually support Application Links over SSL, that I should either set it up over http, or check Atlassian Answers for further help.

2 answers

1 accepted

1 vote
Answer accepted
Network Administrator April 4, 2014

Nick,

Thanks for your response. We ended up finding a solution. I THINK it's the same as what you're suggesting. We had to basically take the Root CA cert portion of our PFX file (I'm no certificate expert) and save it as its own .crt file (I think we used OpenSSL). Then we imported that into the default Java keystore (%JAVA_HOME%/jre/lib/security/cacerts).

Again, I'm a cert novice, so I don't have full understanding as to why that worked. Does it sound like I over-complicated it?

~Mike

0 votes
NickM April 2, 2014

Hi,

We had this same issue.

In the end we had to make sure that the certificates were in the application directory keystores as well, e.g. Confluence/jre/security, along with the base JRE directory as specified in JAVA_HOME.

We also found that you needed the domain and server certificates in the keystores.

Hope that helps
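The procedure from the two answers above, written out as an added example that is not code from either poster: it pulls only the CA certificates out of the PFX and adds each one to the Java trust store. The PFX path, alias prefix and keystore list are assumptions, and `openssl` and `keytool` are assumed to be on PATH in an elevated PowerShell session.

```powershell
# Assumed values (not from the thread); adjust to your environment.
$Pfx       = 'C:\certs\site.pfx'          # PFX exported from IIS
$Work      = Join-Path $env:TEMP 'applinks-ca'
$StorePass = 'changeit'                   # stock cacerts password; use yours if it was changed
# Trust stores to update. Add the cacerts file of any JRE bundled with the
# application as well, since the app may not run on the JAVA_HOME JRE.
$Stores    = @("$env:JAVA_HOME\jre\lib\security\cacerts")

New-Item -ItemType Directory -Force -Path $Work | Out-Null

# 1. Export only the CA certificates. -nokeys keeps the private key out of the
#    output, so nothing secret is written to disk or placed in the trust store.
& openssl pkcs12 -in $Pfx -cacerts -nokeys -out "$Work\chain.pem"
if ($LASTEXITCODE -ne 0) { throw 'openssl could not read the PFX' }

# 2. Split the bundle: a trusted-certificate import takes one certificate per alias,
#    and the PFX may hold an intermediate CA as well as the root.
$pem   = Get-Content "$Work\chain.pem" -Raw
$certs = [regex]::Matches($pem, '(?s)-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----')
if ($certs.Count -eq 0) { throw 'No CA certificates found; re-export the PFX with the full chain' }

$i = 0
foreach ($c in $certs) {
    $i++
    $file  = Join-Path $Work "ca$i.crt"
    $alias = "applinks-ca$i"              # hypothetical alias naming
    Set-Content -Path $file -Value $c.Value -Encoding Ascii

    foreach ($ks in $Stores) {
        # 3. Back up the trust store once before the first change to it.
        if (-not (Test-Path "$ks.bak")) { Copy-Item $ks "$ks.bak" }

        # 4. Import as a trust anchor. Without -noprompt, keytool prints the owner,
        #    issuer and fingerprints and asks for confirmation; compare them with
        #    the values published by your CA before answering yes.
        & keytool -importcert -alias $alias -file $file -keystore $ks -storepass $StorePass

        # 5. Confirm the entry is present as a trustedCertEntry.
        & keytool -list -alias $alias -keystore $ks -storepass $StorePass
    }
}
```

Restart JIRA and Confluence afterwards so their JVMs load the updated trust store.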
