JIRA - SSL problem

Hello, i use currently JIRA in version 6.3.6 and i use it with SSL via an Apache-Proxy.

Here is what happens if i try to connect with another application like confluence:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I imported the certificates of every domain and the root ca certificate:

srv1:/opt/atlassian# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts | grep domain.net
Enter keystore password:  changeit
confluence.domain.net, Sep 28, 2014, trustedCertEntry, 
stash.domain.net, Sep 28, 2014, trustedCertEntry, 
bamboo.domain.net, Sep 28, 2014, trustedCertEntry, 
jira.domain.net, Sep 28, 2014, trustedCertEntry,
srv1:/opt/atlassian# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts | grep startcom
Enter keystore password:  changeit
debian:startcom_certification_authority_g2.pem, Aug 6, 2014, trustedCertEntry, 
startcom.ca.sub.class4, Sep 28, 2014, trustedCertEntry, 
startcom.ca.sub.class3, Sep 28, 2014, trustedCertEntry, 
startcom.ca.sub.class2, Sep 28, 2014, trustedCertEntry, 
startcom.ca.sub.class1, Sep 28, 2014, trustedCertEntry, 
startcom.ca, Sep 28, 2014, trustedCertEntry, 
debian:startcom_certification_authority.pem, Aug 6, 2014, trustedCertEntry,

I googled this problem but everyone say only: Import the certificates to the keystore, but i already did it and the problem still exists.


What can be the problem?

2 answers

1 accepted

1 vote
Accepted answer

Check in your Administration > System Info and make sure JIRA is using the correct Java.

You're right, JIRA, Confluence, Stash and Bamboo(I checked only JIRA and Confluence) uses them own Java? I think this is the problem. I should import the certificates to JIRA's cacerts-keystore located under JIRA/jre/lib/security/cacerts, right?

Yes, some times they uses their own Java. Depends on configuration. To make sure, you can find the details under Administration > System Info.

Yes, thank you very much for your help. That's why Stash and Bamboo can connect with each other without problems but Confluence and JIRA don't, Stash and Bamboo uses the system-wide Java.

1 vote
Pedro Souza Atlassian Team Sep 28, 2014

Hi Kenneth,

Have you imported the certificates to the Apache Cacerts as well?

In my understanding, you're using Apache to handle SSL connections, so I believe that you need to import the certificates to Apache trust store, and according to the attached information, you have imported to JIRA default cacert (JAVA).


Also, you can test the connection using the SSLPoke, as per of this article below:




java SSLPoke mail.atlassian.com 443



Pedro Souza.


yes, it works like expected with SSLPoke:

srv1:/tmp$ java SSLPoke jira.domain.net 443
Successfully connected

But the problem still exists.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,096 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you