JIRA - Gadgets and SSL

Mobco Support November 21, 2017

Hi all 

Small amount of information;

  • Jira v7.5
  • Running on CentOS 7
  • SSL configured
  • HTTPS over port 8443
  • Certificate signed by internal CA
    • Root CA added to truststore
    • Public certificate added to truststore

I have a question regarding using gadgets on the dashboard. 

When I add a gadget, the title shows as _MSG_Gadget_.

I followed the following link; 

https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html

This brings me to the following page;

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

I downloaded the SSLPoke.class file and SCP'd it to my JIRA server. 

Once used, I got the exact same error as on the page.

JorenDB_—_root_jira__opt_atlassian_jira_jre_bin_—_ssh_root_jira_mobco_hq_—_87×51.png

When adding my own truststore that I created for JIRA (to use JIRA over HTTPS), I get "successfully connected". 

JorenDB_—_root_jira__opt_atlassian_jira_jre_bin_—_ssh_root_jira_mobco_hq_—_201×51.png

This means that my root CA has been added to the truststore (of which I was certain even before this check). 

Then my question is; does anybody know how to solve this issue? 

If any more information is required; I'll be glad to give it! 

Thanks in advance

 

2 answers

1 accepted

0 votes
Answer accepted
Mobco Support November 21, 2017

Hi all 

Issue has been resolved. 

Had to add my root CA to the jira /security/cacerts truststore!

Kind regards

0 votes
Maurice
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 21, 2017

Hi!

As a next test I would recommend setting the Jira JVM argument to set the trust store to match the successful command above.
It may be that Jira isn't using the correct trust store.

In Linux you can edit the <jira-install>/bin/setenv.sh, find the JVM_SUPPORT_RECOMMENDED_ARGS=

and add to this -Djavax.net.ssl.trustStore=/opt/atlassian/jira/jira.jks

This assumes your Jira is running using the Embedded JRE as opposed to having a System JDK installed.

The alternative approach would be to install the Java JDK on your system and point Jira to use this. You would then add the certificates to the JVM default keystore:
$JAVA_HOME/jre/lib/security/cacerts

 

Another possible cause of the problem could be having iptables running on the machine or a proxy causing issues.

 

Best regards,
Brian

Suggest an answer

Log in or Sign up to answer