I am hosting JIRA in my private server on Azure. I need to run my JIRA site on HTTPS. I have installed SSL certificate in my server.
Also, followed steps which are required for HTTPS SSL connection to work. However, I am unable to fix the issue. My server is still showing as UNSECURED.
I checked out many blogs, atlassian community questions and posts, created java key store, imported certificate into those key stores and h**l lot of things, still unable to secure my server.
Can anyone help me. I need urgent help.
Thanks in Advance :)
1. Certs are configured in Windows 2016 Azure Virtual machine, and JIRA is installed in that Azure virtual machine.
2. Logs which might be helpful to you:
2020-11-16 11:46:32,791+0000 HealthCheck:thread-7 ERROR [c.a.t.j.healthcheck.support.GadgetFeedUrlHealthCheck] An error occurred when performing the Gadget feed URL healthcheckjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) at sun.security.validator.Validator.validate(Validator.java:262) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ... 26 moreCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2020-11-18 14:37:55,056+0000 HealthCheck:thread-3 ERROR [c.a.t.j.healthcheck.support.GadgetFeedUrlHealthCheck] An error occurred when performing the Gadget feed URL healthcheckjavax.net.ssl.SSLPeerUnverifiedException: Certificate for <northview-jira.nvwonaz.com> doesn't match any of the subject alternative names: [*.nvwonaz.org, nvwonaz.org] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at
3. I tried fetching SAN name using below command.
openssl s_client -connect website.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:
But I am not getting the results.
Hi @Reneesh Kottakkalathil
I can find attlassian-jira.log file in my Jira directory.
Below are the details:- (there are lot of details actually, I'm sending some imp. details)
Application Server : Apache Tomcat/8.5.57 - Servlet API 3.1
Java Version : 1.8.0_202 - AdoptOpenJdk
Current Working Directory : C:\Program Files\Atlassian\Jira\bin
JVM version is 1.8
Java Version = 1.8.0_202
Please let me know if anything else is required.
Yes @Reneesh Kottakkalathil I will check and update you.
Also, today I got a reply from Atlassian support and they are suspecting some issue with certificate.
What they are saying is that my Jira base URL is ending with ".com" while certificate is issued for ".org".
For example: my Jira server URL is xxx.COM
However, JIRA certificate is issue for: xxx.ORG
Can this be the cause. What do you think. Can you suggest something.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events