on my Ubuntu Server I installed these Atlassian servers.
All applications are at the latest version. On the same host is an apache 2.4 configured as a proxy with mod_proxy. I created a valid certificate (no self-signed) to secure the connection between the client and my Apache Server. The apache is configurated with virtualhosts for every service which points at localhost:<application-port> and a wildcard ssl certificate.
I modified the server.xml files of the applications to add SSL compatibility. The applications themselfs are operating correctly and there are no problems.
Now I want to create application links between this four applications. Unfortunaly that is not possible, because I got the error message, that JIRA dont answer at the configured url https://jira.domain.tld - The same problem is when I connect JIRA to Confluence. The User directory feature works also fine.
Now im really angry, why that wont work?
Any suggestionns? Please help
Well since you terminate all your SSL-connections on the apache mod proxy, you need to make sure all subdomains are included in the certificate. This us done using alt_names in your openssl.cnf as you create the CSR. Make sure to include these alt_names:
jira.domain.tld jira confluence.domain.tld confluence fisheye.domain.tld fisheye bitbucket.domain.tld bitbucket
The rest of the config file needs some extra fields to make this happen, see documentation:
Once this is done, SSH to the box, download SSLPoke (link in this KB: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html )
And make sure you can ping both short and FQDN. If not:
The SSL cert presented by the apache mod proxy must be imported into each keystore, for each application. Locate all your cacerts files and make sure the cert is imported as it should.
Here is a one-liner that imports the cert to all cacerts on your filesystem:
for lines in `locate cacerts | grep cacerts$ | sed 's/\/jre\/lib\/security\/cacerts//g'`; do $lines/bin/keytool -import -alias SERVERNAME.GOES.HERE -keystore $lines/jre/lib/security/cacerts -file /PATH/TO/PEM.CERT ; done
The password for the cacerts are "changeit"
If you are using altnames, you only need to import one certificate. The alias doesn't matter as it will look for the certificate fingerprint and nothing else.
Hope this helps
Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot