HI *,
I have a seriuos problem with my jira and stash installation (on the same server) behind a ssl apache proxy. Both systems have HTTPS as Base URL configured.
I can access the systems with the following urls:
But if I try adding the systems in application links it says, that the url is not responding, which is not correct.
So why?
Found the solution by myself... atlassian seems to have an own jre folder inside /opt/atlassian/jira/jre (don't know why) and uses an own cacerts file which was not updated with the new trusted ca
I don't know if this is a bug in the Atlassian products. I've had big problems to establish a link between Atlassian products on my local network with a reverse proxy (nginx) and SSL. Without SSL it worked out of the box. With SSL there was always a warning/error 'unable to find valid certification path to requested target' in the log. But the root CA was in the default java keystore (cacerts) for sure. I've verified this by SSLPoke (https://confluence.atlassian.com/pages/viewpage.action?pageId=186712330).
After all I've found the problem: My reverse proxy was hosting multiple (virtual) domains (f.e. *.mysite.com, *.mysite.local) with different wildcard SSL-certs. And JIRA (Confluence, Stash, ...) is connecting to the reverse proxy without the domain name, just by the IP. The reverse proxy returned in this case the certificate for the default (com) site. And this was not the expected (local) certificate by JIRA. My workaround is now to listen with the reverse proxy on a dedicated IP address for the local services and return the local certificate as default. Okey, it's now also a more secure solution. But on the other hand it is not uncommon to host different domains, each with its own SSL certificate, on the same IP address. So maybe it's a bug?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Okey obviously I forgot the things with the cacerts. Stash is now able to connect to Jira, but it is not working vici versa and there is no message in the log file. My Proxy settings of Stash are the following:
<Connector port="7990" protocol="HTTP/1.1" connectionTimeout="20000" useBodyEncodingForURI="true" redirectPort="8443" compression="on" compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript" scheme="https" proxyName="foo.bar.com" proxyPort="443" />
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There are atleast couple of reasons why this can happen. Your logs should tell the exact error.
1.Due to certificate errors. See https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services on how to fix that.
2.Missing proxy settings. See
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.