I am attempting to create an application link between our JIRA Cloud instance and a Crucible "Server" install I have made on an EC2 instance. I'm running Crucible behind an NGINX reverse proxy. Initially, to test the configuration, I served our Crucible instance purely on HTTP over port 80. The application link worked without issue between JIRA Cloud and our Crucible instance. However, whenever I turned on the SSL in NGINX, I received the following error while attempting to create the link:
No response was received from the URL you entered - it may not be valid. Please fix the URL below, if needed, and click Continue.
Since I didn't see any access entries hitting my NGINX logs, I assumed there was a problem with the SSL handshake. I extracted the following from the ssldump command:
New TCP connection #1: squid-104-1.sc1.uc-inf.net(49050) <-> ip-172-31-37-162.ec2.internal(443)
1 1  0.0749 (0.0749)  C>SV3.1(191)  Handshake
      ClientHello
        Version 3.1
        random[32]=
          54 f9 a5 fa cf f0 5d 5f ff 49 78 ef c4 b1 03 ae
          d9 98 69 37 ea 02 83 91 82 26 f9 9c 97 7c 32 56
        cipher suites
        Unknown value 0xc009
        Unknown value 0xc013
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0xc004
        Unknown value 0xc00e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0xc007
        Unknown value 0xc011
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xc002
        Unknown value 0xc00c
        Unknown value 0xc008
        Unknown value 0xc012
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc003
        Unknown value 0xc00d
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_MD5
        Unknown value 0xff
        compression methods
                  NULL
1 2  0.0767 (0.0017)  S>CV3.1(89)  Handshake
      ServerHello
        Version 3.1
        random[32]=
          4f 0f 5b 13 61 27 48 81 2e 87 22 dd 5c ab 47 8a
          89 e8 a3 65 2d 3f ae a1 93 98 d0 60 19 5f e8 f2
        session_id[32]=
          23 14 70 8f ff 7f 74 d0 ac da 85 71 9f 09 9f 8d
          79 fe 9e b0 bd 24 a8 95 d6 d2 1c dd dc 2c d4 e6
        cipherSuite         Unknown value 0xc013
        compressionMethod                   NULL
1 3  0.0767 (0.0000)  S>CV3.1(1200)  Handshake
      Certificate
        certificate[1190]=
          # -- certificate truncated -- #
1 4  0.0767 (0.0000)  S>CV3.1(331)  Handshake
      ServerKeyExchange
1 5  0.0767 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
1 6  0.1606 (0.0838)  C>SV3.1(2)  Alert
    level           fatal
    value           certificate_unknown
1    0.1607 (0.0001)  C>S  TCP FIN
1    0.1608 (0.0000)  S>C  TCP FIN
New TCP connection #2: squid-104-1.sc1.uc-inf.net(52238) <-> ip-172-31-37-162.ec2.internal(443)
2 1  0.0695 (0.0695)  C>SV3.0(191)  Handshake
      ClientHello
        Version 3.0
        random[32]=
          54 f9 a5 fa 47 04 5e 59 c7 74 d2 3a e3 b9 da a1
          51 94 e4 bc 22 c0 45 16 9e 85 de 56 7a 7d 9e 18
        cipher suites
        Unknown value 0xc009
        Unknown value 0xc013
        SSL_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0xc004
        Unknown value 0xc00e
        SSL_DHE_RSA_WITH_AES_128_CBC_SHA
        SSL_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0xc007
        Unknown value 0xc011
        SSL_RSA_WITH_RC4_128_SHA
        Unknown value 0xc002
        Unknown value 0xc00c
        Unknown value 0xc008
        Unknown value 0xc012
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc003
        Unknown value 0xc00d
        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_RC4_128_MD5
        Unknown value 0xff
        compression methods
                  NULL
2 2  0.0712 (0.0017)  S>CV3.0(89)  Handshake
      ServerHello
        Version 3.0
        random[32]=
          7b 4d f4 ad a0 9c 3c 88 8a 29 00 9d 5f ad 51 5d
          26 a9 14 9c cc 4b 25 44 9e b5 16 89 b3 75 3e d0
        session_id[32]=
          05 57 c3 f9 59 f8 67 2a 96 38 ad 59 06 7a 4a 9e
          59 33 48 01 cd 2d b1 d0 0c c3 6d 66 2f 46 5f 6c
        cipherSuite         Unknown value 0xc013
        compressionMethod                   NULL
2 3  0.0712 (0.0000)  S>CV3.0(1200)  Handshake
      Certificate
        certificate[1190]=
          # -- certificate truncated -- #
2 4  0.0712 (0.0000)  S>CV3.0(331)  Handshake
      ServerKeyExchange
2 5  0.0712 (0.0000)  S>CV3.0(4)  Handshake
      ServerHelloDone
2 6  0.1466 (0.0754)  C>SV3.0(2)  Alert
    level           fatal
    value           certificate_unknown
2    0.1466 (0.0000)  C>S  TCP FIN
2    0.1467 (0.0000)  S>C  TCP FIN
The error toward the end of each connection attempt: "Alert, level: fatal, value: certificate_unknown" leads me to believe there is a problem with our certificate. However, when I connect to https://support.leafsoftwaresolutions.com, the certificate is valid according to Firefox and Chrome.
Is there any reason why our certificate would not be trusted by the JIRA Cloud instance while attempting to create the application link?
For future reference, I was able to figure out my own issue.
I noticed that not only did JIRA not authenticate, but Firefox also did not automatically trust my SSL certificate. The issue for me was in how I had installed the certificate. I was exporting the cert from a Windows server that was previously hosting the same domain. When I exported the certificate from the Windows certificate manager, I failed to check the "Include all certificates in the certification path if possible" check box, which thus led me to this issue.
See this page for the full instructions to export your certificate from Windows to make it ready to host on an NGINX server on Ubuntu.
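Added example, not part of the original posts: the ssldump capture in the question already shows what the answer describes, because the 1200-byte Certificate record carries a single certificate[1190] entry, meaning the server sent only its own certificate and no intermediates. This Python sketch parses ssldump output (abridged here from the capture above) and flags that pattern; the function name, field names and the set of trust-related alerts are this example's own choices.

```python
import re

# Abridged from the ssldump capture in the question: random bytes, session ids
# and cipher-suite lists are omitted, record and message lines are kept.
SAMPLE = """\
New TCP connection #1: squid-104-1.sc1.uc-inf.net(49050) <-> ip-172-31-37-162.ec2.internal(443)
1 1  0.0749 (0.0749)  C>SV3.1(191)  Handshake
      ClientHello
1 2  0.0767 (0.0017)  S>CV3.1(89)  Handshake
      ServerHello
1 3  0.0767 (0.0000)  S>CV3.1(1200)  Handshake
      Certificate
        certificate[1190]=
1 4  0.0767 (0.0000)  S>CV3.1(331)  Handshake
      ServerKeyExchange
1 5  0.0767 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
1 6  0.1606 (0.0838)  C>SV3.1(2)  Alert
    level           fatal
    value           certificate_unknown
1    0.1607 (0.0001)  C>S  TCP FIN
"""

RECORD = re.compile(r"^(\d+) \d+\s+[\d.]+ \([\d.]+\)\s+([CS])>[CS]V[\d.]+\((\d+)\)\s+(\w+)")
CERT = re.compile(r"certificate\[(\d+)\]=")
ALERT = re.compile(r"^\s+value\s+(\w+)")
TRUST_ALERTS = {"certificate_unknown", "unknown_ca", "bad_certificate"}

def analyze(dump):
    """Per connection: certificate sizes the server sent and the client's alert."""
    conns, cur, sender, kind, reclen = {}, None, None, None, 0
    for line in dump.splitlines():
        m = RECORD.match(line)
        if m:
            sender, reclen, kind = m.group(2), int(m.group(3)), m.group(4)
            cur = conns.setdefault(int(m.group(1)), {"certs": [], "alert": None, "reclen": 0})
        elif cur and sender == "S" and kind == "Handshake" and (c := CERT.search(line)):
            cur["certs"].append(int(c.group(1)))
            cur["reclen"] = reclen
        elif cur and sender == "C" and kind == "Alert" and (a := ALERT.match(line)):
            cur["alert"] = a.group(1)
    for info in conns.values():
        # Certificate message = 4-byte handshake header + 3-byte list length
        # + (3-byte length + DER) per certificate. Equality means the record
        # holds exactly the certificates listed and nothing else.
        info["framing_ok"] = info["reclen"] == 7 + sum(3 + n for n in info["certs"])
        info["leaf_only"] = len(info["certs"]) == 1
        info["suspect_incomplete_chain"] = info["leaf_only"] and info["alert"] in TRUST_ALERTS
    return conns
```

For the capture above, 7 + (3 + 1190) = 1200 matches the record length, so nothing besides the single certificate was sent. In NGINX, the file named by `ssl_certificate` should contain the server certificate followed by the intermediate certificates.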