Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira SSL error / application link error

Marcin Beczyński
Marcin Beczyński July 13, 2017

Hey,
I got a problem with Jira and link it to Confluence using Applicaion link, main problem could be SSL certificate what is inject using apache. Thanks in advice for all hint 


Catalina Log:


2017-07-13 16:16:14,155 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 
2017-07-13 16:16:14,340 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/und/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 
2017-07-13 16:16:14,381 http-nio-8080-exec-2 ERROR user_name 976x20x1 n9r5jf 83.26.231.205,1.1.1.1 /secure/Dashboard.jspa [c.a.g.r.internal.http.HttpClientFetcher] Unable to perform a request to: https://jira.example.com/rest/gadgets/1.0/g/messagebundle/en_US/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected%2Cstreams.jira.action%2Ccommon.date.relative
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


 

Server.xml :


 <Service name="Catalina">

 <Connector port="8080"
 
 maxThreads="150"
 minSpareThreads="25"
 connectionTimeout="20000"
 enableLookups="false"
 maxHttpHeaderSize="8192"
 protocol="HTTP/1.1"
 useBodyEncodingForURI="true"
 redirectPort="8443"
 acceptCount="100"
 disableUploadTimeout="true"
 proxyName="jira.example.com"
 proxyPort="443"
 bindOnInit="false"
 scheme="https"
 secure="true"/>

 

setenv.sh :

#

JVM_MINIMUM_MEMORY="1024m"
JVM_MAXIMUM_MEMORY="1024m"


JVM_REQUIRED_ARGS='-Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory'

JAVA_OPTS="-Djavax.net.ssl.keyStore=/etc/ssl/example.p12 -Djavax.net.ssl.keyStorePassword=changeit -Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${DISABLE_NOTIFICATIONS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${JVM_EXTRA_ARGS} ${JIRA_HOME_MINUSD} ${START_JIRA_JAVA_OPTS}"
export JAVA_OPTS

Apache config file

<VirtualHost jira.example.com:443>
 ServerName www.jira.example.com
 ServerAlias jira.example.com
 DocumentRoot /opt/atlassian/jira
 ErrorLog /var/www/jira.example.com/error.log
 CustomLog /var/www/jira.example.com/requests.log combined
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 <Proxy *>
 Order deny,allow
 Allow from all
 </Proxy>
 ProxyRequests Off
 ProxyPreserveHost On
 SSLProxyEngine On
 SSLEngine on
 SSLCertificateFile /etc/ssl/example.crt
 SSLCertificateKeyFile /etc/ssl/example.key
 ProxyPass / http://jira.example.com:8080/
 ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>
<VirtualHost jira.example.com:80>
 ServerName www.jira.example.com
 ServerAlias jira.example.com
 DocumentRoot /opt/atlassian/jira
 ErrorLog /var/www/jira.example.com/error.log
 CustomLog /var/www/jira.example.com/requests.log combined
 <Proxy *>
 Order deny,allow
 Allow from all
 </Proxy>
 ProxyRequests Off
 ProxyPreserveHost On
 ProxyPass / http://jira.example.com:8080/
 ProxyPassReverse / http://jira.example.com:8080/
</VirtualHost>

Jira Version 7.4.0

Answer
Watch
Like Be the first to like this
3039 views

1 answer

1 accepted

0 votes
Answer accepted
josh
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 14, 2017

One issue i noticed is that you should not have the Proxy configuration on both the port 443 and port 80 virtual hosts. It should only be on the port 443 virtual host.

All the port 80 virtual host should do is rewrite (forward) users to the 443  host. For instance:

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jira.example.com%{REQUEST_URI} [NE]
</VirtualHost>

You must also set your JIRA base url to https://jira.example.com

Also, since that's the JIRA log, it means that JIRA cannot verify the certificate used with Confluence. The issue may lie in your Confluence configuration. Are you using self signed or CA trusted certs?

View More Comments
Marcin Beczyński
Marcin Beczyński July 14, 2017

Thanks for your reply, the main problem was with the CA certificate and protocol what Jira used I will update new config file for future knowloage

BR

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events