Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira 7.1 SSL Application Links

steffenbleul
steffenbleul February 28, 2016

I have the following setup:

Nginx

-> Confluence (latest version): https://confluence.example.com

-> JIRA (latest version): https://jira.example.com

I added letsencrypt.org certificates to keystores on Confluence and JIRA and both Instances use latest Oracle 8 JRE Java.

Tests with SSLPoke:

Initiating Application Link:

  • Confluence -> JIRA -> Server responding
  • JIRA -> Confluence -> 

    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I am a little bit off here because both instances have same Java version and SSLPoke is evaluating with successfull result.... Any ideas? Is there something new with ssl handling in JIRA 7.1?

Does JIRA handle certificates differently from Confluence?

Answer
Watch
Like Bhushan Nagaraj likes this
1315 views

4 answers

1 accepted

0 votes
Answer accepted
steffenbleul
steffenbleul February 29, 2016

Looks like JIRA 7 install its own JRE under its install directory. The truststore is therefore under:

$JIRA_INSTALL/jre/lib/security/cacerts and not under $JAVA_HOME/jre/lib/security/cacerts.

After adding the letsencrypt ca it to the correct truststore it works!

View More Comments
Bhushan Nagaraj
Bhushan Nagaraj
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 29, 2016

Glad to hear you got this resolved. The link to the document I mentioned in my answer below states.

  • The 'Windows Installer' installs its own Java Runtime Environment (JRE) Java platform, which is used to run Tomcat. When updating SSL certificates, please do so in this JRE installation.
Like
steffenbleul
steffenbleul February 29, 2016

I am on Linux.

Like
Reply
0 votes
steffenbleul
steffenbleul February 29, 2016

Additional information:

 

Reply
0 votes
Jonas Andersson
Jonas Andersson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 28, 2016

Make sure SSL poke works on both short names and FQDN's. Had a similar issue where FQDN SSL worked fine, but shortnames didn't and my application links were created using short names.. Just a thing to check and in no way a magic bullet.

 

View More Comments
steffenbleul
steffenbleul February 29, 2016

Hello Jonas,

What is a SSL shortname in my configuration context? I have only a DNS entry jira.example.com and confluence.example.com. Both point to the same Nginx instance.

If "jira" and "confluence" are the shortnames then I would have to setup my whole network configuration that my nginx is available as https://jira.example.com and https://jira? Is this what you mean?

And why does this work for Confluence and not for Jira?

Like
Reply
0 votes
Bhushan Nagaraj
Bhushan Nagaraj
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 28, 2016

Hey Steffen,

You need to import your certs into the Trusted Keystore. Refer to the documentation available at https://confluence.atlassian.com/jira/running-jira-over-ssl-or-https-124008.html

View More Comments
steffenbleul
steffenbleul February 28, 2016

That is the documentation on how to run JIRA on https but I am using nginx https and JIRA is accessible. So that hurdle is already taken and has nothing to do with my question.

You can also read here: SSL Services , that I have checked the truststore and domain with SSLPoke. The truststore and added certificate ca works fine from console and Confluence! But does not work inside JIRA 7!

Like
steffenbleul
steffenbleul February 29, 2016

I added a Bitbucket server to my configuration and installed the letsencrypt ca on all three instances the same way (jira, confluence, bitbucket). 

The result:

I can add application links freely between confluence and Bitbucket and back.

Both confluence and Bitbucket can discover jira.

JIRA itself answers both to Bitbucket and confluence with the error:

  • sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This seems to be the sole issue of JIRA 7.1!
Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events