It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How do you specify different keystore alias for mysql ssl connection and tomcat ssl connection?

Jeff Clay Jul 03, 2017

I have a Centos 7 server which I am installing Jira Core (will expand to include Service Desk and Software later). I have a CA signed wildcard SSL certificate for my domain that I am trying to configure with tomcat. I also have a remote MySQL server configured for SSL connections (self signed).

Looking at the documentation  and  It seems that Tomcat and MySQL JDBC are using the settings from server.xml for port 8443. 

I started off configuring MySQL for SSL which worked fine. I then went through the steps and  to use my CA signed cert for Tomcat. At this point the web session is working in 8443 but it seems that it's using the wrong SSL cert or something for MySQL because I keep getting an error that access was denied to mysql using password yes.

I thought that the MySQL specific SSL settings would be dbconfig.xml file but I can't find any options for that.

I may have asked the wrong question, but I hope I explained my problem well enough for you to see what I'm trying to accomplish.

2 answers

0 votes
Branden McElveen Atlassian Team Jul 06, 2017

Hi Jeff,

Are you seeing a message similar to the following:

Access denied for user 'branden'@''(using password: YES)

I normally see this when attempting to access MySQL from another computer other than the one it's setup on.  In light of that, there is a MySQL knowledge base that may assist with this error titled Troubleshooting Problems Connecting to MySQL:

If you get the following error, it means that you are using an incorrect password:

If the preceding error occurs even when you have not specified a password, it means that you have an incorrect password listed in some option file. Try the --no-defaults option as described in the previous item.

Please review Troubleshooting Problems Connecting to MySQL in it's entirety and you should be able to get around this.



0 votes
Desislav Kamenov Jan 12, 2018 • edited

It's been a while and probably the issue has been fixed but as far as I understand the issue is the Jira can't connect to MySQL over SSL while the articles mentioned explain how to import an SSL certificate so that Jira can be accessed  over https by users.

MySQL has its own SSL related properties that can be passed either via the jdbc url or through the code as connection properties.

As the second approach is not viable (you can't modify Jira source code, you have to add certain parameters to the jdbc URL

That page explains them in details - 

but you need useSSL, requireSSL, verifyServerCertificate, clientCertificate[all of them] and trustCertificate[all of them] if you use a self signed server certificate.

Follow the JKS/PKCS12 keystore procedure described in the articles you have mentioned to generate the keystore and truststore files.

The "access denied" error is quite misleading as the real reason is ssl handshake can't be completed if SSL is forced on MySQL server side. Spent half a day fighting it.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Posted in Jira Software

Demo Den Ep. 5: Meet Jira Mobile

See how to use Jira on the go! Demo Den Episode 5 is here: meet Jira Mobile with  Jira  Product Manager Rayen Magpantay.  Demo Den is in our monthly series where a Jira PM demonstrates...

305 views 1 10
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you