Problem with comment/create email handler over Pop3s

MarkoR February 7, 2013

Hello,

I have a problem with my comment/create email handler. I need to connect to POP3 mailbox on our exchange server over SSL. I have followed instructions on following link https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services but I am still getting error in jira logs when create/comment service runs from jira : “javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

All certs are imported to form a valid path. In my case it’s something like this CA01>CA02>CA04>OWA. Server was restarted after import but error remains.

I have used InstallCert for import, and when using command “java InstallCert my.owa.com” im getting message that certificate is already trusted.

I have also tried with class SSLPoke class from documentation and again “java SSLPoke my.owa.com 995” > Successfully connected

Tried also to check for Djavax.net.ssl.trustStore, and pointed it at my cacerts.

java -Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.6.0_29\jre\lib\security\cacerts" SSLPoke my.owa.com 995

This command was also successfull, but this java property is missing anyway in java configuration for tomcat. Do i have to set it?

tomcat6w //ES//%SERVICENAME%

Am I missing something? Do I need to set some additional configuration, maybe in server.xml or something like that? Currently my jira is running in http, I only have to use ssl to access this pop3 account.

Jira 4.2 , java 1.6_29, oracle 10g, windows server 2003 SE SP2

Please advise, thank you!


Kind regards

2 answers

1 accepted

1 vote
Answer accepted
Andy Brook [Plugin People]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2013

Hi Marko,

If the SSLPoke app that I contributed works for you, you can be sure that if JIRA were to use the same cacerts file, then it too would be able to connect. From this, I can only guess that a different JRE is being used? Can you confirm that the very same JRE path is referred in JIRA system properties?

0 votes
MarkoR February 8, 2013

Dear Andy,

I can’t believe I have missed that tomcat was using default jvm from jira installation bin folder… C:\Program Files\Atlassian\JIRA 4.2.4-b591\jre\bin\server\jvm.dll…and I was right there looking at it…

Please post this as an answer so I can mark it as correct one.

Thank you very much, kind regards.

Suggest an answer

Log in or Sign up to answer