JIRA - Gadgets and SSL Edited

Hi all 

Small amount of information;

  • Jira v7.5
  • Running on CentOS 7
  • SSL configured
  • HTTPS over port 8443
  • Certificate signed by internal CA
    • Root CA added to truststore
    • Public certificate added to truststore

I have a question regarding using gadgets on the dashboard. 

When I add a gadget, the title shows as _MSG_Gadget_.

I followed the following link; 

https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html

This brings me to the following page;

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

I downloaded the SSLPoke.class file and SCP'd it to my JIRA server. 

Once used, I got the exact same error as on the page.

JorenDB_—_root_jira__opt_atlassian_jira_jre_bin_—_ssh_root_jira_mobco_hq_—_87×51.png

When adding my own truststore that I created for JIRA (to use JIRA over HTTPS), I get "successfully connected". 

JorenDB_—_root_jira__opt_atlassian_jira_jre_bin_—_ssh_root_jira_mobco_hq_—_201×51.png

This means that my root CA has been added to the truststore (of which I was certain even before this check). 

Then my question is; does anybody know how to solve this issue? 

If any more information is required; I'll be glad to give it! 

Thanks in advance

 

2 answers

1 accepted

Accepted Answer
0 votes

Hi all 

Issue has been resolved. 

Had to add my root CA to the jira /security/cacerts truststore!

Kind regards

0 votes
Brian Cohen Atlassian Team Nov 21, 2017

Hi!

As a next test I would recommend setting the Jira JVM argument to set the trust store to match the successful command above.
It may be that Jira isn't using the correct trust store.

In Linux you can edit the <jira-install>/bin/setenv.sh, find the JVM_SUPPORT_RECOMMENDED_ARGS=

and add to this -Djavax.net.ssl.trustStore=/opt/atlassian/jira/jira.jks

This assumes your Jira is running using the Embedded JRE as opposed to having a System JDK installed.

The alternative approach would be to install the Java JDK on your system and point Jira to use this. You would then add the certificates to the JVM default keystore:
$JAVA_HOME/jre/lib/security/cacerts

 

Another possible cause of the problem could be having iptables running on the machine or a proxy causing issues.

 

Best regards,
Brian

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

Looking for anyone who made the switch to Data Center

The Jira Marketing team is putting together an ebook on migrating to Data Center. We're looking for pro tips on how you staffed your project team and organized your Proof of Concept. Share yo...

47 views 0 2
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you