JIRA - Gadgets and SSL Edited

Hi all 

Small amount of information;

  • Jira v7.5
  • Running on CentOS 7
  • SSL configured
  • HTTPS over port 8443
  • Certificate signed by internal CA
    • Root CA added to truststore
    • Public certificate added to truststore

I have a question regarding using gadgets on the dashboard. 

When I add a gadget, the title shows as _MSG_Gadget_.

I followed the following link; 

https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html

This brings me to the following page;

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

I downloaded the SSLPoke.class file and SCP'd it to my JIRA server. 

Once used, I got the exact same error as on the page.

JorenDB_—_root_jira__opt_atlassian_jira_jre_bin_—_ssh_root_jira_mobco_hq_—_87×51.png

When adding my own truststore that I created for JIRA (to use JIRA over HTTPS), I get "successfully connected". 

JorenDB_—_root_jira__opt_atlassian_jira_jre_bin_—_ssh_root_jira_mobco_hq_—_201×51.png

This means that my root CA has been added to the truststore (of which I was certain even before this check). 

Then my question is; does anybody know how to solve this issue? 

If any more information is required; I'll be glad to give it! 

Thanks in advance

 

2 answers

1 accepted

0 vote

Hi all 

Issue has been resolved. 

Had to add my root CA to the jira /security/cacerts truststore!

Kind regards

0 vote
Brian Cohen Atlassian Team Nov 21, 2017

Hi!

As a next test I would recommend setting the Jira JVM argument to set the trust store to match the successful command above.
It may be that Jira isn't using the correct trust store.

In Linux you can edit the <jira-install>/bin/setenv.sh, find the JVM_SUPPORT_RECOMMENDED_ARGS=

and add to this -Djavax.net.ssl.trustStore=/opt/atlassian/jira/jira.jks

This assumes your Jira is running using the Embedded JRE as opposed to having a System JDK installed.

The alternative approach would be to install the Java JDK on your system and point Jira to use this. You would then add the certificates to the JVM default keystore:
$JAVA_HOME/jre/lib/security/cacerts

 

Another possible cause of the problem could be having iptables running on the machine or a proxy causing issues.

 

Best regards,
Brian

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,305 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot