• Community
  • Products
  • Jira
  • Questions
  • JIRA 4.1.2 SSL and Crowd - Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

JIRA 4.1.2 SSL and Crowd - Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

I just installed a clean JIRA 4.1.2 (WAR/EAR) on a test server and want to connect it to my Crowd server (2.0.7) to authenticate users. I've added the IP for the new JIRA instance into my Crowd and the authentication test seems to work. I updated my JIRA server.xml file to include my SSL certs, but when I try to log in with the account I know works at least locally, I get the following in the logs:

Error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Note: My Crowd server and current production JIRA both have SSL working. It appears that my new JIRA instance is not correctly configured to talk to Crowd's SSL setup, but I can't figure out what I need to change to get it to work. I didn't setup the current systems.

Server.xml (the trustPass is empty by design)

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
MaxThread="150" scheme="https" secure="true"
keystoreFile="/etc/pki/tls/certs/jira1.jks"
keystorePass="jira"
trustStoreFile="/etc/pki/tls/certs/trust.jks"
truststorePass=""
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

osuser.xml

I commented out the second <provider class> section and uncommented the first section

crowd.properties

added the application.name as it is identified in Crowd for this server
added the application.password as the one identified by my keystorePass
updated the application.login.url to https://servername:8443/jira

crowd.server.url is set to my production server's Crowd instance URL

seraph-config.xml

I did not modify this file because I wanted to be able to use both Jira's internal user management and Crowd's user management. However, I can't login with the local JIRA user either.

2 answers

1 accepted

It was simpler than that actually. You have to make sure that you update your setenv.sh file to include the export for the SSL.

export JAVA_OPTS="-server -Djavax.net.ssl.trustStore=/etc/pki/tls/certs/trust.jks -Djavax.net.ssl.trustStorePassword= -Djavax.net.ssl.keyStore=/etc/pki/tls/certs/jira1.jks -Djavax.net.ssl.keyStorePassword=jira -Djira.jelly.on=true -Djava.awt.headless=true"

export JAVA_OPTS="$JAVA_OPTS -Dv45.jira.version=1.1.0"

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Jira Service Desk

Wy are we still using email for Service Desk workflows?

...attest to the experience of an urgent approval that gets lost in the boss’s inbox and requires that special “Please Approve” email or text message. In an age where we have distributed teams...

54 views 0 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you