Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Connecting Confluence Cloud with Jira Server - SSL issues

Daniel Becroft
Daniel Becroft February 11, 2019

We are on a trial period for Confluence Cloud, and trying to connect it to our Jira server instance on-prem.

We already have Jira (HTTPS) connected to Crucible (HTTP) working. In Confluence, I am seeing the following Network error:

The remote certificate can't be trusted.

<Company> may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally.

Our certificate is a wildcard certificate (*.company.com.au), but it is from GoDaddy. According to the knowledge base, that's a known problem with GoDaddy and Java. 

My question: is the new .crt to be installed on the Java keystore for the Jira Server instance, or does it need to be installed (somehow) in Confluence cloud?

I don't recall having to install the intermediate certificate for connecting to Jira from Crucible.

Answer
Watch
Like Be the first to like this
644 views

1 answer

0 votes
Kiran Panduga {Appfire}
Kiran Panduga {Appfire}
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
February 11, 2019

Hi @Daniel Becroft

You will need to import your chain certificates into the Java Keystore running the JIRA Server instance to address this issue.

Given that Confluence is running on Atlassian Cloud, it's not possible to import any SSL certificates over the cloud.

Thanks,

Kiran.

View More Comments
Daniel Becroft
Daniel Becroft February 26, 2019

Thanks @Kiran Panduga {Appfire} . I managed to get an outage window and get the certificate installed correctly.

Unfortunately, Confluence Cloud still does not want to connect to the Jira Server instance, and I can't even get back to receiving the above error message that indicated the SSL error. I'm guessing it's a network firewall issue, so we'll investigate further.

Edit: Okay, I managed to finally get Confluence Cloud to sort of connect after using multiple combinations of http/https, with/without trailing slash, etc. But, I'm still getting the certificate error, even after installing the GoDaddy root certificate.

Using SSLPoke on the Jira server itself gives a successful connection, but using SSLPoke on a different machine (where the GoDaddy certificate is not installed in that keystore) gives a connection failure:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Also, from the guide SSL and Application Link Troubleshooting Guide [1], under Check your SSL certificate configuration:

The local trust store must contain the certificate for the remote application you're trying to connect to.

Maybe Atlassian needs to install the GoDaddy certificate into their cloud infrastructure?

[1] - https://confluence.atlassian.com/applinks/ssl-and-application-link-troubleshooting-guide-790632063.html

Like
Bhupesh Nagda
Bhupesh Nagda
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 21, 2024

hi @Daniel Becroft ,

Were you able to get it working?

We are migrating from Confluence DC to Confluence cloud using CCMA plugin and getting similar error and support response is very vague. I don't think cloud instance(target) will install source instance certificates, will they?

 

ERROR [Caesium-1-3] [agent.service.analytics.AnalyticsEventConsumer] error An unhandled exception occurred when processing a AnalyticsEventConsumer job request. Reason: An IO exception occurred when communicating with a downstream service Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target runJob Scheduled job migration-plugin:analytics-events-consumer-runner-key#migration-plugin:analytics-events-consumer-job-id failed with response JobRunnerResponse[runOutcome=FAILED,message='AnalyticsEventConsumer job failed with reason An IO exception occurred when communicating with a downstream service']

 

Any guidance will be highly appreciated. We already installed confluence cloud(target) public certificate inside source confluence dc(source) keystore.

 

Cheers!

Bhupesh

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events