Application links ssl proxy (Jira|Confluence|Bitbucket|Fisheye)


on my Ubuntu Server I installed these Atlassian servers.

  • JIRA
  • Confluence
  • Fisheye
  • Bitbucket

All applications are at the latest version. On the same host is an apache 2.4 configured as a proxy with mod_proxy. I created a valid certificate (no self-signed) to secure the connection between the client and my Apache Server. The apache is configurated with virtualhosts for every service which points at localhost:<application-port> and a wildcard ssl certificate.

I modified the server.xml files of the applications to add SSL compatibility. The applications themselfs are operating correctly and there are no problems.

Now I want to create application links between this four applications. Unfortunaly that is not possible, because I got the error message, that JIRA dont answer at the configured url https://jira.domain.tld - The same problem is when I connect JIRA to Confluence. The User directory feature works also fine. 

Now im really angry, why that wont work?


Any suggestionns? Please help


1 answer

1 accepted

0 votes
Accepted answer

Well since you terminate all your SSL-connections on the apache mod proxy, you need to make sure all subdomains are included in the certificate. This us done using alt_names in your openssl.cnf as you create the CSR. Make sure to include these alt_names:


The rest of the config file needs some extra fields to make this happen, see documentation:

Once this is done, SSH to the box, download SSLPoke (link in this KB: )

And make sure you can ping both short and FQDN. If not:

The SSL cert presented by the apache mod proxy must be imported into each keystore, for each application. Locate all your cacerts files and make sure the cert is imported as it should.

Here is a one-liner that imports the cert to all cacerts on your filesystem:

for lines in `locate cacerts | grep cacerts$ | sed 's/\/jre\/lib\/security\/cacerts//g'`; do $lines/bin/keytool -import -alias SERVERNAME.GOES.HERE -keystore $lines/jre/lib/security/cacerts -file /PATH/TO/PEM.CERT ; done

The password for the cacerts are "changeit"

If you are using altnames, you only need to import one certificate. The alias doesn't matter as it will look for the certificate fingerprint and nothing else.

Hope this helps




Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,097 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you