Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Use Jira CLI with ssl

Tor Nordam
Tor Nordam May 5, 2014

I'd like to use the Jira CLI to export a list of issues, but I have trouble connecting to the server. My company issues certificates we have to use when logging on to the web interface of jira, so I exported this certificate, with the private key, using certmgr.msc. I then moved to linux, and imported this certificate into a new keystore file, as follows:

keytool -importkeystore -srckeystore cert.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Next, I obtained the public key of the server, by clicking on the padlock in the address bar of Firefox, navigating to "Export...", and then imported the server certificate into a new truststore, as follows:

keytool -import -keystore servercert.jks -file server.crt

Finally, I try using the Jira CLI from the linux commad line as follows:

java -Djavax.net.ssl.trustStore=servercert.jks -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=clientcert.jks -Djavax.net.ssl.keyStorePassword=changeit -jar ./lib/jira-cli-3.9.0-SNAPSHOT.jar --server https://server --user username --password password --action getIssueList --filter 10000 --file output.txt

This results in the following error message:

Unable to log in to server: https://server/rpc/soap/jirasoapservice-v2 with user: username.
 Cause: ; nested exception is: 
	java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

Any ideas as to what I'm doing wrong?

Answer
Watch
Like Be the first to like this
2025 views

3 answers

1 accepted

1 vote
Answer accepted
Tor Nordam
Tor Nordam May 6, 2014

Found a solution that works for me:

First, export your own certificate and private key into a .pfx file as described above, then use the following commands to split it into separate files for the certificate and the key [1]:

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

Then follow the excellent description given in Ref. 2, and remember in particular to use the commandline options for keyStoreType and trustStoreType (trustStoreType may be unneccesary, if jks is the default) as listed under Issues/Remarks/Tips at the bottom of the answer.

References:

1: https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File

2: http://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication

View More Comments
Bob Swift OSS (Bob Swift Atlassian Apps)
Bob Swift OSS (Bob Swift Atlassian Apps)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 6, 2014

Thanks for posting. I will add a link to this answer in the reference.

Like
Reply
0 votes
Dave Long
Dave Long April 13, 2017

Key note for those using a .pfx file (usually exported from IIS)

 

I struggled with this for entirely too long...nowhere in the documentation does Atlassian mention the fix for our scenario. I signed up for an account just to post this-- I hope it saves someone's day.

 

At the end of Step 1, Certificate Option 2-- on the 'Running Confluence over SSL' links: https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html

don't create a keystore.

 

In Confluence's server.xml file, where you specify  '-srckeystore <MY_PKC12_KEYSTORE_NAME>', enter the path to your .pfx file. That is your srckeystore file. Atlassian, please recognize this and update your documentation. Much love!

Reply
0 votes
Bob Swift OSS (Bob Swift Atlassian Apps)
Bob Swift OSS (Bob Swift Atlassian Apps)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 6, 2014

Don't know, butHow to deal with https and SSL problems has some other references that may help.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events