As part of CLI evaluation, would like to remove few users from groups using a CSV file.
Tried with JIRA CLI 3.8 and JIRA 5.2.9, unfortunately, the script doesn't work and gives the below error;
Unable to log in to server: https://sts-integ.app.my-domain.com/rpc/soap/jirasoapservice-v2with user: username.
Cause: ; nested exception is:
java.net.ConnectException: Connection refused
You may find the action which I used in the jira.sh script below;
/opt/jira/current/jre/bin/java -jar `dirname $0`/lib/jira-cli-3.8.0.jar --server https://sts-integ.app.my-domain.com/--user username --password ****** --action removeUserFromGroupWithFile --file removeUserToGroupWithFile.csv "$@"
Could you please trace what could be the issue here ?
Right, well, there's your answer - your certificate is not being found, or it's not valid. So you either haven't "imported the SSL to java cacerts" or it's requiring more certificates, or you aren't enabling it to read the certificate store.
Check the following:
Do this from the same system you are trying to run the CLI command from.
Do you use proxy at your side? (as this also might require additional settings)
I can access the site. Infact, I am running the CLI from the JIRA server itself.
For second point, I got the below page. Hope its fine.
Hi there, this is an AXIS service!
Perhaps there will be a form for invoking the service here... "
We do use a proxy to access JIRA from outside. Do you think we need to add proxy settings in the CLI even if I run from JIRA server ?
You should try configuring java proxy settings as java would not pick the system proxy settings which might lead to issues even when run on the same server.
Pass proxy params to JAVA either directly on the command line or through JAVA_OPTS like these (modified with your proxy settings of course):
Mmm, ssl fun...
The last system I used with SSL certificates needed both the server CA and a client certificate to be used, which might not be the case here. You may need some or all of these lines:
-Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=clientcertificate.p12 -Djavax.net.ssl.trustStore=myservers.keystore -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=xxxxx -Djavax.net.ssl.keyStorePassword=xxxxx
You might also want to try this (actually, try this first - without the lines above - it will tell you a LOT about what java is trying to do with ssl)
I tried with "-Djavax.net.debug=ssl" as you suggested.
Got the same error;
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
FYI, I have imported the SSL to java cacerts already.
Hey Atlassian community, I help lead engineering at Sentry, an open-source error-tracking and monitoring tool that integrates with Jira. We started using Jira Software Cloud internally last year, a...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs