Hi,
As part of CLI evaluation, would like to remove few users from groups using a CSV file.
Tried with JIRA CLI 3.8 and JIRA 5.2.9, unfortunately, the script doesn't work and gives the below error;
=====================
sh jira.sh
Unable to log in to server: https://sts-integ.app.my-domain.com/rpc/soap/jirasoapservice-v2with user: username.
Cause: ; nested exception is:
java.net.ConnectException: Connection refused
=====================
You may find the action which I used in the jira.sh script below;
/opt/jira/current/jre/bin/java -jar `dirname $0`/lib/jira-cli-3.8.0.jar --server https://sts-integ.app.my-domain.com/--user username --password ****** --action removeUserFromGroupWithFile --file removeUserToGroupWithFile.csv "$@"
Could you please trace what could be the issue here ?
Right, well, there's your answer - your certificate is not being found, or it's not valid. So you either haven't "imported the SSL to java cacerts" or it's requiring more certificates, or you aren't enabling it to read the certificate store.
Thanks a lot Nic. It's fixed now.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Check the following:
Do this from the same system you are trying to run the CLI command from.
Do you use proxy at your side? (as this also might require additional settings)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Boris
I can access the site. Infact, I am running the CLI from the JIRA server itself.
For second point, I got the below page. Hope its fine.
"
Hi there, this is an AXIS service!
Perhaps there will be a form for invoking the service here... "
We do use a proxy to access JIRA from outside. Do you think we need to add proxy settings in the CLI even if I run from JIRA server ?
Thanks, Vishnu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You should try configuring java proxy settings as java would not pick the system proxy settings which might lead to issues even when run on the same server.
Pass proxy params to JAVA either directly on the command line or through JAVA_OPTS like these (modified with your proxy settings of course):
-Dhttps.proxyHost=proxy.example.org
-Dhttps.proxyPort=8080
-Dhttps.nonProxyHosts=*.foo.com|localhost
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Boris
Even that didn't help.
Seems like SSL issue. Do we need to download the certificate ?
Thanks, Vishnu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm not sure here.
@Nic Broughcan you help with that ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mmm, ssl fun...
The last system I used with SSL certificates needed both the server CA and a client certificate to be used, which might not be the case here. You may need some or all of these lines:
-Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=clientcertificate.p12 -Djavax.net.ssl.trustStore=myservers.keystore -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=xxxxx -Djavax.net.ssl.keyStorePassword=xxxxx
You might also want to try this (actually, try this first - without the lines above - it will tell you a LOT about what java is trying to do with ssl)
-Djavax.net.debug=ssl
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic,
I tried with "-Djavax.net.debug=ssl" as you suggested.
Got the same error;
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
FYI, I have imported the SSL to java cacerts already.
Thanks, Vishnu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Could you elaborate this "you aren't enabling it to read the certificate store." ?
How to enable this in CLI ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The first part of my comment - you need to provide the CLI access to the keystores with the -Djavax stuff.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Also check that "remote access" is enabled on the Jira server (in general config)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic,
Remote API is turned on.
Regards, Vishnu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, then it's the network settings and Boris is on the case there :-)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.