Jira SSL error / application link error

Hey,
I got a problem with Jira and link it to Confluence using Applicaion link, main problem could be SSL certificate what is inject using apache. Thanks in advice for all hint 


Catalina Log:


2017-07-13 16:16:14,155 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2017-07-13 16:16:14,340 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

2017-07-13 16:16:14,381 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/en_US/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


 

Server.xml :


<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
proxyName="jira.example.com"
proxyPort="443"
bindOnInit="false"
scheme="https"
secure="true"/>

 

setenv.sh :

#

JVM_MINIMUM_MEMORY="1024m"
JVM_MAXIMUM_MEMORY="1024m"


JVM_REQUIRED_ARGS='-Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory'

JAVA_OPTS="-Djavax.net.ssl.keyStore=/etc/ssl/example.p12 -Djavax.net.ssl.keyStorePassword=changeit -Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${DISABLE_NOTIFICATIONS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${JVM_EXTRA_ARGS} ${JIRA_HOME_MINUSD} ${START_JIRA_JAVA_OPTS}"
export JAVA_OPTS

Apache config file

<VirtualHost jira.example.com:443>
ServerName www.jira.example.com
ServerAlias jira.example.com
DocumentRoot /opt/atlassian/jira
ErrorLog /var/www/jira.example.com/error.log
CustomLog /var/www/jira.example.com/requests.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine On
SSLEngine on
SSLCertificateFile /etc/ssl/example.crt
SSLCertificateKeyFile /etc/ssl/example.key
ProxyPass / http://jira.example.com:8080/
ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>
<VirtualHost jira.example.com:80>
ServerName www.jira.example.com
ServerAlias jira.example.com
DocumentRoot /opt/atlassian/jira
ErrorLog /var/www/jira.example.com/error.log
CustomLog /var/www/jira.example.com/requests.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jira.example.com:8080/
ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>

Jira Version 7.4.0

1 answer

1 accepted

0 votes
Accepted answer
Josh Steckler Community Champion Jul 14, 2017

One issue i noticed is that you should not have the Proxy configuration on both the port 443 and port 80 virtual hosts. It should only be on the port 443 virtual host.

All the port 80 virtual host should do is rewrite (forward) users to the 443  host. For instance:

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jira.example.com%{REQUEST_URI} [NE]
</VirtualHost>

You must also set your JIRA base url to https://jira.example.com

Also, since that's the JIRA log, it means that JIRA cannot verify the certificate used with Confluence. The issue may lie in your Confluence configuration. Are you using self signed or CA trusted certs?

Thanks for your reply, the main problem was with the CA certificate and protocol what Jira used I will update new config file for future knowloage

BR

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,305 views 12 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you