Use Jira CLI with ssl

I'd like to use the Jira CLI to export a list of issues, but I have trouble connecting to the server. My company issues certificates we have to use when logging on to the web interface of jira, so I exported this certificate, with the private key, using certmgr.msc. I then moved to linux, and imported this certificate into a new keystore file, as follows:

keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Next, I obtained the public key of the server, by clicking on the padlock in the address bar of Firefox, navigating to "Export...", and then imported the server certificate into a new truststore, as follows:

keytool -import -keystore servercert.jks -file server.crt

Finally, I try using the Jira CLI from the linux commad line as follows:

java -jar ./lib/jira-cli-3.9.0-SNAPSHOT.jar --server https://server --user username --password password --action getIssueList --filter 10000 --file output.txt

This results in the following error message:

Unable to log in to server: https://server/rpc/soap/jirasoapservice-v2 with user: username.
 Cause: ; nested exception is: Error constructing implementation (algorithm: Default, provider: SunJSSE, class:$DefaultSSLContext)

Any ideas as to what I'm doing wrong?

3 answers

1 accepted

1 vote
Accepted answer

Found a solution that works for me:

First, export your own certificate and private key into a .pfx file as described above, then use the following commands to split it into separate files for the certificate and the key [1]:

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

Then follow the excellent description given in Ref. 2, and remember in particular to use the commandline options for keyStoreType and trustStoreType (trustStoreType may be unneccesary, if jks is the default) as listed under Issues/Remarks/Tips at the bottom of the answer.




Thanks for posting. I will add a link to this answer in the reference.

Don't know, butHow to deal with https and SSL problems has some other references that may help.

Key note for those using a .pfx file (usually exported from IIS)


I struggled with this for entirely too long...nowhere in the documentation does Atlassian mention the fix for our scenario. I signed up for an account just to post this-- I hope it saves someone's day.


At the end of Step 1, Certificate Option 2-- on the 'Running Confluence over SSL' links:

don't create a keystore.


In Confluence's server.xml file, where you specify  '-srckeystore <MY_PKC12_KEYSTORE_NAME>', enter the path to your .pfx file. That is your srckeystore file. Atlassian, please recognize this and update your documentation. Much love!

Suggest an answer

Log in or Sign up to answer
Community showcase
Published 7 hours ago in Jira

How you can achieve compact and easy-to-maintain workflows in your JIRA( Server)

This approach requires you to have the JIRA administrative rights. The main aim of this article is to help you achieve an organized, easy-to-maintain workflows in your JIRA instance thereby, reducin...

96 views 0 0
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you