• Community
  • Products
  • Jira
  • Questions
  • JIRA 4.1.2 SSL and Crowd - Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

JIRA 4.1.2 SSL and Crowd - Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

I just installed a clean JIRA 4.1.2 (WAR/EAR) on a test server and want to connect it to my Crowd server (2.0.7) to authenticate users. I've added the IP for the new JIRA instance into my Crowd and the authentication test seems to work. I updated my JIRA server.xml file to include my SSL certs, but when I try to log in with the account I know works at least locally, I get the following in the logs:

Error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Note: My Crowd server and current production JIRA both have SSL working. It appears that my new JIRA instance is not correctly configured to talk to Crowd's SSL setup, but I can't figure out what I need to change to get it to work. I didn't setup the current systems.

Server.xml (the trustPass is empty by design)

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
MaxThread="150" scheme="https" secure="true"
keystoreFile="/etc/pki/tls/certs/jira1.jks"
keystorePass="jira"
trustStoreFile="/etc/pki/tls/certs/trust.jks"
truststorePass=""
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

osuser.xml

I commented out the second <provider class> section and uncommented the first section

crowd.properties

added the application.name as it is identified in Crowd for this server
added the application.password as the one identified by my keystorePass
updated the application.login.url to https://servername:8443/jira

crowd.server.url is set to my production server's Crowd instance URL

seraph-config.xml

I did not modify this file because I wanted to be able to use both Jira's internal user management and Crowd's user management. However, I can't login with the local JIRA user either.

2 answers

1 accepted

This widget could not be displayed.

It was simpler than that actually. You have to make sure that you update your setenv.sh file to include the export for the SSL.

export JAVA_OPTS="-server -Djavax.net.ssl.trustStore=/etc/pki/tls/certs/trust.jks -Djavax.net.ssl.trustStorePassword= -Djavax.net.ssl.keyStore=/etc/pki/tls/certs/jira1.jks -Djavax.net.ssl.keyStorePassword=jira -Djira.jelly.on=true -Djava.awt.headless=true"

export JAVA_OPTS="$JAVA_OPTS -Dv45.jira.version=1.1.0"

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

286 views 5 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you