on my Ubuntu Server I installed these Atlassian servers.
All applications are at the latest version. On the same host is an apache 2.4 configured as a proxy with mod_proxy. I created a valid certificate (no self-signed) to secure the connection between the client and my Apache Server. The apache is configurated with virtualhosts for every service which points at localhost:<application-port> and a wildcard ssl certificate.
I modified the server.xml files of the applications to add SSL compatibility. The applications themselfs are operating correctly and there are no problems.
Now I want to create application links between this four applications. Unfortunaly that is not possible, because I got the error message, that JIRA dont answer at the configured url https://jira.domain.tld - The same problem is when I connect JIRA to Confluence. The User directory feature works also fine.
Now im really angry, why that wont work?
Any suggestionns? Please help
Well since you terminate all your SSL-connections on the apache mod proxy, you need to make sure all subdomains are included in the certificate. This us done using alt_names in your openssl.cnf as you create the CSR. Make sure to include these alt_names:
jira.domain.tld jira confluence.domain.tld confluence fisheye.domain.tld fisheye bitbucket.domain.tld bitbucket
The rest of the config file needs some extra fields to make this happen, see documentation:
Once this is done, SSH to the box, download SSLPoke (link in this KB: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html )
And make sure you can ping both short and FQDN. If not:
The SSL cert presented by the apache mod proxy must be imported into each keystore, for each application. Locate all your cacerts files and make sure the cert is imported as it should.
Here is a one-liner that imports the cert to all cacerts on your filesystem:
for lines in `locate cacerts | grep cacerts$ | sed 's/\/jre\/lib\/security\/cacerts//g'`; do $lines/bin/keytool -import -alias SERVERNAME.GOES.HERE -keystore $lines/jre/lib/security/cacerts -file /PATH/TO/PEM.CERT ; done
The password for the cacerts are "changeit"
If you are using altnames, you only need to import one certificate. The alias doesn't matter as it will look for the certificate fingerprint and nothing else.
Hope this helps
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
@Rachel Wright (Jira Genie), @Billy Poggi (AUG NOVA, DC), and @Dana Jansen (Confluence Queen) are just some of the folks that lead one of the world's most active Atlassian User Group (AUG)....
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs