I have two servers one with hipchat and the other with JIRA each have their own external ips and are accessible from the web.
The JIRA server is on centos 6.5 and has the following open ports 22, 80, 443, 5222, 5223. It is not on an ssl at the moment. http://jira.myserver.com
the Hipchat server is a standard ova install, with a comodo wildcard ssl. https://chat.myserver.com
for troubleshooting I am allowing all ports through our firewall for both servers
trying to connect hipchat to the JIRA directory I get the following error
Connection test failed. Response from the server: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
When whitelisting the hipchat server in jira, it accepts the url and adds it to the whitelist without problem
however when adding hipchat through "hipchat integration" is says We couldn't reach your server
is all this because they both need ssl?
Ideally I would like the hipchat server available from the web and the JIRA server only on the lan but still have integration, is this possible?
We managed to solve the problem and the solution was pretty simple. Just check your web certificate and look into the chain of trust. You will Likely see a trust chain of "Root CA > Intermediate CA > YOUR Certificate". This is almost a standard nowadays but not always and is has not been in the past. Long story short, when you feed your certificate to Atlassian, JIRA and Hipchat (this applies to all Atlassian products!) make sure to simply Append the "Intermediate CA" certificate, which was provided to you by your CA when you ordered your server certificate, to your normal server cert. Make sure to watch our for the order, the topmost certficate must be your own server certificate, directly followed by the intermediate one. Once you loaded all services with a fully verifiable trust chain it will work! :-)
Important: Just check the SSL Trust chain of your installation with a service like http://ssllabs.com
The PEM File for the Tomcat service as well as the text stuff you Copy&Paste into Hipchat should look like this:
Your Server Cert
Your CA Provided Intermediate Cert
The key for your Cert
this solution seems to me to be valid only in case you use a certificate that was issued by a trusted third-party. However, in out situation we have a self-signed certificate, as the servers do not have contact to the outer world, and the services are used only through a VPN.
So, is there a way to have the JIRA server accept the HipChat's server's certificate anyway? Or to deactivate the SSL enforcement for the HipChat server?
It's possible to integrate HipChat Server with self-signed certificate with JIRA/Confluence. You can refer to the resolution section in this KB for the steps: https://confluence.atlassian.com/display/HIPCHATKB/Unable+to+Integrate+HipChat+Server+with+Confluence+or+JIRA+Applications
Just to jump in i almost have the exact same setup and the exact same issue. For me it is Confluence and HipChat deployed from the OVA. Both connected with their own IPs to the internet. Capable of talking to each other (you can SSH into the Confluence box and open up the HipChat WebSite successfully) but still the plugin gives me: "We couldn't reach your server".
Any ideas would be great :-/
For me the same, both Confluence and JIRA run on non-ssl instances, while Hipchat is with a CA certificate running. If JIRA and Confluence SSL setup was just as easy as Hipchat, I would test that but it looks like a lot of work comparing to Hipchat. And I'm guessing the non-SSL -> SSL connection is not working.
Hope they have a solution soon. Perhaps @Will DeHaan?
Thanks for your comment, this is the solution indeed. JIRA or Confluence can still run on http though, so that is perfect. I even had to add more certificates (I use Comodo Positive SSL), so this was my setup that is working:
Your Server Cert
In my case the COMODORSADomainValidationSecureServerCA.cert
In my case the COMODORSAAddTrustCA.cert
The key for your Cert
Good luck everyone.
When I go to "HipChat Integration" in Confluence and enter the FQDN for out HipChat server (https://hipchat.ourcompanyintranetdomain.com << not the real FQDN) and click "Connect HipChat", Confluence says "We couldn't reach your server". There is no record or this error in /var/atlassian/application-data/confluence/logs/atlassian-confluence.log – no record of it at all.
We are currently using an evaluation license (invoice and payment is pending). Is this functionality disabled under an evaluation license?
Just to add to what Robert and Peter have mentioned, to validate that you might be having the same problem:
If you watch the requests when clicking "Connect HipChat", you'll see a 404 request, or some other bad request. If you attempt that GET request in a browser directly, you will see this message embedded in the exception message:
"unable to find valid certification path to requested target"
If you see this, you're on the right track following their advice.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
A picture tells a thousand words. And agility boards have just released their latest feature: cover images on issues – so now your board can tell a story at first glance. Upload attachmen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs