Jira SSL error / application link error

Hey,
I have a problem with Jira and linking it to Confluence using an Application Link; the main problem could be the SSL certificate, which is injected using Apache. Thanks in advance for all hints.


Catalina Log:


2017-07-13 16:16:14,155 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2017-07-13 16:16:14,340 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2017-07-13 16:16:14,381 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/en_US/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


 

Server.xml :


<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
proxyName="jira.example.com"
proxyPort="443"
bindOnInit="false"
scheme="https"
secure="true"/>

 

setenv.sh :

#

JVM_MINIMUM_MEMORY="1024m"
JVM_MAXIMUM_MEMORY="1024m"


JVM_REQUIRED_ARGS='-Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory'

JAVA_OPTS="-Djavax.net.ssl.keyStore=/etc/ssl/example.p12 -Djavax.net.ssl.keyStorePassword=changeit -Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${DISABLE_NOTIFICATIONS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${JVM_EXTRA_ARGS} ${JIRA_HOME_MINUSD} ${START_JIRA_JAVA_OPTS}"
export JAVA_OPTS

Apache config file

<VirtualHost jira.example.com:443>
ServerName www.jira.example.com
ServerAlias jira.example.com
DocumentRoot /opt/atlassian/jira
ErrorLog /var/www/jira.example.com/error.log
CustomLog /var/www/jira.example.com/requests.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine On
SSLEngine on
SSLCertificateFile /etc/ssl/example.crt
SSLCertificateKeyFile /etc/ssl/example.key
ProxyPass / http://jira.example.com:8080/
ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>
<VirtualHost jira.example.com:80>
ServerName www.jira.example.com
ServerAlias jira.example.com
DocumentRoot /opt/atlassian/jira
ErrorLog /var/www/jira.example.com/error.log
CustomLog /var/www/jira.example.com/requests.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jira.example.com:8080/
ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>

Jira Version 7.4.0

1 answer

1 accepted

0 vote
Josh Steckler Community Champion Jul 14, 2017

One issue I noticed is that you should not have the Proxy configuration on both the port 443 and port 80 virtual hosts. It should only be on the port 443 virtual host.

All the port 80 virtual host should do is rewrite (forward) users to the 443 host. For instance:

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jira.example.com%{REQUEST_URI} [NE]
</VirtualHost>

You must also set your JIRA base url to https://jira.example.com

Also, since that's the JIRA log, it means that JIRA cannot verify the certificate used with Confluence. The issue may lie in your Confluence configuration. Are you using self-signed or CA-trusted certs?

Thanks for your reply. The main problem was with the CA certificate and the protocol that Jira used. I will update the new config file for future knowledge.

BR
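
What the `PKIX path building failed` error in the log above means, reproduced offline with `openssl` as an added example (not code from this thread): the same server certificate verifies or fails depending on whether the client trusts the issuing root and whether the server presents its intermediate. The CA names, file names and the `make_demo_pki` / `verify_leaf` helpers are constructed for this illustration; the thread does not say which of these cases applied.

```shell
#!/usr/bin/env bash
# Added example: every key and certificate below is a throwaway built for the demo.

make_demo_pki() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    # Root CA: the trust anchor the verifying client is given.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
      -keyout root.key -out root.crt
    # Unrelated root: stands in for a trust store that lacks the issuing CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated Root" \
      -keyout other.key -out other.crt
    # Intermediate CA signed by the demo root.
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
      -keyout int.key -out int.csr
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -days 2 -extfile ca.ext -out int.crt
    # Server certificate signed by the intermediate.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=jira.example.com" \
      -keyout leaf.key -out leaf.csr
    openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.crt
  ) >/dev/null 2>&1
}

# Prints "trusted" or "untrusted" for the server certificate.
# $1 = directory, $2 = trust anchor file, $3 = intermediates the server sends (optional)
verify_leaf() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1/$2" -untrusted "$1/$3" "$1/leaf.crt" 2>&1
  else
    openssl verify -CAfile "$1/$2" "$1/leaf.crt" 2>&1
  fi | grep -q ': OK' && echo trusted || echo untrusted
}

dir=$(mktemp -d)
make_demo_pki "$dir"
echo "server sends leaf only, client trusts root:  $(verify_leaf "$dir" root.crt)"
echo "server sends leaf + intermediate:            $(verify_leaf "$dir" root.crt int.crt)"
echo "issuing root absent from client trust store: $(verify_leaf "$dir" other.crt int.crt)"
rm -rf "$dir"
```

On the Jira side the JVM builds this path against its trust store (the JRE `cacerts` file, or the file named by `-Djavax.net.ssl.trustStore`). The `-Djavax.net.ssl.keyStore` option in the `setenv.sh` above supplies the JVM's own key material, not trust anchors.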
