Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources
  • Community
  • Products
  • Jira
  • Questions
  • JIRA 4.1.2 SSL and Crowd - Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

JIRA 4.1.2 SSL and Crowd - Error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested

William Wells1
William Wells
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 4, 2012

I just installed a clean JIRA 4.1.2 (WAR/EAR) on a test server and want to connect it to my Crowd server (2.0.7) to authenticate users. I've added the IP for the new JIRA instance into my Crowd and the authentication test seems to work. I updated my JIRA server.xml file to include my SSL certs, but when I try to log in with the account I know works at least locally, I get the following in the logs:

Error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Note: My Crowd server and current production JIRA both have SSL working. It appears that my new JIRA instance is not correctly configured to talk to Crowd's SSL setup, but I can't figure out what I need to change to get it to work. I didn't setup the current systems.

Server.xml (the trustPass is empty by design)

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
MaxThread="150" scheme="https" secure="true"
keystoreFile="/etc/pki/tls/certs/jira1.jks"
keystorePass="jira"
trustStoreFile="/etc/pki/tls/certs/trust.jks"
truststorePass=""
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

osuser.xml

I commented out the second <provider class> section and uncommented the first section

crowd.properties

added the application.name as it is identified in Crowd for this server
added the application.password as the one identified by my keystorePass
updated the application.login.url to https://servername:8443/jira

crowd.server.url is set to my production server's Crowd instance URL

seraph-config.xml

I did not modify this file because I wanted to be able to use both Jira's internal user management and Crowd's user management. However, I can't login with the local JIRA user either.

Answer
Watch
Like Be the first to like this
345 views

2 answers

1 accepted

0 votes
Answer accepted
William Wells1
William Wells
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 4, 2012

It was simpler than that actually. You have to make sure that you update your setenv.sh file to include the export for the SSL.

export JAVA_OPTS="-server -Djavax.net.ssl.trustStore=/etc/pki/tls/certs/trust.jks -Djavax.net.ssl.trustStorePassword= -Djavax.net.ssl.keyStore=/etc/pki/tls/certs/jira1.jks -Djavax.net.ssl.keyStorePassword=jira -Djira.jelly.on=true -Djava.awt.headless=true"

export JAVA_OPTS="$JAVA_OPTS -Dv45.jira.version=1.1.0"

Reply
0 votes
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 4, 2012

Try this: https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events