Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,552,582
Community Members
 
Community Events
184
Community Groups

Secure postgres JDBC connection

Edited
Hamza Rezgui
Hamza Rezgui May 28, 2021

I am trying to connect Jira  to postgres database using SSL with "sslmode=verify-full"

The  error I am getting is

"org.postgresql.util.PSQLException: Could not open SSL root certificate file /home/jira/.postgresql/root.crt."

My client certicats (P12 format) is in $JAVA_HOME/jre/lib/security/

I need to change the path where it is looking for the certificate. Can I change the path, and how can I do that because i dont have /home/jira/.postgresql/root.crt. in my server ?

Answer
Watch
Like Be the first to like this
2628 views

2 answers

1 accepted

0 votes
Answer accepted
Charlie Misonne
Charlie Misonne
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 28, 2021

Hi Hamza, welcome to the Atlassian Community!

According to Posgrre's official documentation: Configuring the Client

The location of the client certificate, the PKCS-8 client key and root certificate can be overridden with the sslcertsslkey, and sslrootcert settings respectively. These default to /defaultdir/postgresql.crt, /defaultdir/postgresql.pk8, and /defaultdir/root.crt respectively where defaultdir is ${user.home}/.postgresql/ in *nix systems and %appdata%/postgresql/ on windows

So you can use the sslrootcert parameter. You should append it to your jdbc URL just like you did for the sslmode parameter.

Something like:

jdbc:postgresql://1.2.3.4:5432/jiradb?ssl=true&sslmode=verify-full&sslrootcert=/your/path/root.crt

Same for the other parameters if you need them.

Hope this helps! Let me know if you can get it to work. 

View More Comments
Hamza Rezgui
Hamza Rezgui May 30, 2021 • edited

Hi Charlie,

Thank you for the response.

I changed the jdbc string in dbconfig.xml to

<url>jdbc:postgresql://mydbserver:5432/jiradb?sslmode=verify-full&sslkey=/opt/atlassian/jira/atlassian-jira-software-8.13.3/jre/lib/security/mycertif.p12</url>

Now, i have no errors in logs, but Jira is not connected to the database :/

Like
Charlie Misonne
Charlie Misonne
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 30, 2021

Hi Hamza,

So what do you get when starting Jira in your browser?

Like Hamza Rezgui likes this
Hamza Rezgui
Hamza Rezgui May 31, 2021 • edited

I have Jira setup page

image.pngimage.png

Like
Charlie Misonne
Charlie Misonne
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 31, 2021

Is your database empty or does it contain Jira data already?
If it's empty the easiest would be to remove the dbconfig.xml file and configure the database settings via the setup wizard keeping in mind the extra ssl parameters.

If you're manually configuring the dbconfig.xml file there's a chance to make mistakes and Jira will not load the XML correctly.
Atlassian has a configuration tool that can help you generate the file correctly.

Make sure the user running Jira on your system has read/write access to the dbconfig.xml as well.

Like Hamza Rezgui likes this
Hamza Rezgui
Hamza Rezgui May 31, 2021

no the database is not empty, if i run with no sslmode, i can connect to my old ready database.

Like
Charlie Misonne
Charlie Misonne
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 31, 2021

Well that's odd.

So if you change

<url>jdbc:postgresql://mydbserver:5432/jiradb?sslmode=verify-full&sslkey=/opt/atlassian/jira/atlassian-jira-software-8.13.3/jre/lib/security/mycertif.p12</url>

to

<url>jdbc:postgresql://mydbserver:5432/jiradb</url>

in the same dbconfig.xml (and configure Postgres to accept non ssl connections) it works?

I just want to make sure you're not using a copy of the dbconfig.xml and forgot to set file permissions by mistake. Because Jira will nog log an error when the file permissions are incorrect as stated in JRASERVER-66551

If you're certain of the file permissions I suggest you contact Atlassian Support. I don't have a full dbconfig example with ssl to share with you myself.

Like Hamza Rezgui likes this
Hamza Rezgui
Hamza Rezgui May 31, 2021

yes, whene i change the jdbc string in the same dbconfig file without ssl its work, Jira can connect the the database and and i ca, find my project and my data.

No problem with th dbconfig.xml file permission :/

Like
dujas
dujas Feb 14, 2022

hi Hamza,

I think I am in the same boat with you, may I know if there is any further update regarding the SSL connection to Postgresql?

Thanks.

Jason Du

Like Prashantgouda KARAKANAGOUDR likes this
Prashantgouda KARAKANAGOUDR
Prashantgouda KARAKANAGOUDR Mar 07, 2022

Has anyone able to setup this successfully for postgres? 

Is there any Atlassian documentation for the same? like one available for MySql.

https://confluence.atlassian.com/jirakb/configure-jira-server-to-connect-to-mysql-via-ssl-280691010.html

Like
Like # people like this
Reply
0 votes
Jacob Francois
Jacob Francois Mar 22, 2023

Did any one figure this out ? i tried https://community.atlassian.com/t5/Jira-questions/SSL-connection-between-jira-service-management/qaq-p/1944433 but it didn't work. When i use ";" i am able to connect to the db but i run into the same problem like above. Jira is asking me to set up a new DB. 

 

When i use "&" i get errors in my logs saying jira can't connect to the DB. 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

See all events