Jira SSL error / application link error

Hey,
I got a problem with Jira and link it to Confluence using Applicaion link, main problem could be SSL certificate what is inject using apache. Thanks in advice for all hint 


Catalina Log:


2017-07-13 16:16:14,155 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2017-07-13 16:16:14,340 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2017-07-13 16:16:14,381 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/en_US/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


 

Server.xml :


<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
proxyName="jira.example.com"
proxyPort="443"
bindOnInit="false"
scheme="https"
secure="true"/>

 

setenv.sh :

#

JVM_MINIMUM_MEMORY="1024m"
JVM_MAXIMUM_MEMORY="1024m"


JVM_REQUIRED_ARGS='-Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory'

JAVA_OPTS="-Djavax.net.ssl.keyStore=/etc/ssl/example.p12 -Djavax.net.ssl.keyStorePassword=changeit -Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${DISABLE_NOTIFICATIONS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${JVM_EXTRA_ARGS} ${JIRA_HOME_MINUSD} ${START_JIRA_JAVA_OPTS}"
export JAVA_OPTS

Apache config file

<VirtualHost jira.example.com:443>
ServerName www.jira.example.com
ServerAlias jira.example.com
DocumentRoot /opt/atlassian/jira
ErrorLog /var/www/jira.example.com/error.log
CustomLog /var/www/jira.example.com/requests.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine On
SSLEngine on
SSLCertificateFile /etc/ssl/example.crt
SSLCertificateKeyFile /etc/ssl/example.key
ProxyPass / http://jira.example.com:8080/
ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>
<VirtualHost jira.example.com:80>
ServerName www.jira.example.com
ServerAlias jira.example.com
DocumentRoot /opt/atlassian/jira
ErrorLog /var/www/jira.example.com/error.log
CustomLog /var/www/jira.example.com/requests.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jira.example.com:8080/
ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>

Jira Version 7.4.0

1 answer

1 accepted

0 votes
Josh Steckler Community Champion Jul 14, 2017

One issue i noticed is that you should not have the Proxy configuration on both the port 443 and port 80 virtual hosts. It should only be on the port 443 virtual host.

All the port 80 virtual host should do is rewrite (forward) users to the 443  host. For instance:

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jira.example.com%{REQUEST_URI} [NE]
</VirtualHost>

You must also set your JIRA base url to https://jira.example.com

Also, since that's the JIRA log, it means that JIRA cannot verify the certificate used with Confluence. The issue may lie in your Confluence configuration. Are you using self signed or CA trusted certs?

Thanks for your reply, the main problem was with the CA certificate and protocol what Jira used I will update new config file for future knowloage

BR

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,878 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot