Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

jira and hipchat integration

Paul Buchanan
Paul Buchanan March 11, 2015

THE SETUP:

I have two servers one with hipchat and the other with JIRA each have their own external ips and are accessible from the web. 

The JIRA  server is on centos 6.5 and has the following open ports 22, 80, 443, 5222, 5223. It is not on an ssl at the moment. http://jira.myserver.com

the Hipchat server is a standard ova install, with a comodo wildcard ssl. https://chat.myserver.com

for troubleshooting I am allowing all ports through our firewall for both servers

 

THE PROBLEMS:

trying to connect hipchat to the JIRA directory I get the following error

Connection test failed. Response from the server:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

When whitelisting the hipchat server in jira, it accepts the url and adds it to the whitelist without problem

however when adding hipchat through "hipchat integration" is says We couldn't reach your server

is all this because they both need ssl?

 

OBTW

Ideally I would like the hipchat server available from the web and the JIRA server only on the lan but still have integration, is this possible?

 

many thanks

 

Answer
Watch
Like Daniel Widdis likes this
1715 views

7 answers

2 votes
gerhard_innoreq
gerhard_innoreq April 26, 2015

Hello,

this solution seems to me to be valid only in case you use a certificate that was issued by a trusted third-party. However, in out situation we have a self-signed certificate, as the servers do not have contact to the outer world, and the services are used only through a VPN. 

So, is there a way to have the JIRA server accept the HipChat's server's certificate anyway? Or to deactivate the SSL enforcement for the HipChat server?

Best regards,

Hardy

View More Comments
Sascha Schwegelbauer
Sascha Schwegelbauer May 6, 2015

Same problem here, also using self-signed certs. Using inofficial certificates is a must-have feature for on-premise servers.

Like
hsuhailah
hsuhailah
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 18, 2015

It's possible to integrate HipChat Server with self-signed certificate with JIRA/Confluence. You can refer to the resolution section in this KB for the steps: https://confluence.atlassian.com/display/HIPCHATKB/Unable+to+Integrate+HipChat+Server+with+Confluence+or+JIRA+Applications

Like
Reply
2 votes
Robert Boehme
Robert Boehme March 25, 2015

Hi everyone

We managed to solve the problem and the solution was pretty simple. Just check your web certificate and look into the chain of trust. You will Likely see a trust chain of "Root CA > Intermediate CA > YOUR Certificate". This is almost a standard nowadays but not always and is has not been in the past. Long story short, when you feed your certificate to Atlassian, JIRA and Hipchat (this applies to all Atlassian products!) make sure to simply Append the "Intermediate CA" certificate, which was provided to you by your CA when you ordered your server certificate, to your normal server cert. Make sure to watch our for the order, the topmost certficate must be your own server certificate, directly followed by the intermediate one. Once you loaded all services with a fully verifiable trust chain it will work! :-)

Important: Just check the SSL Trust chain of your installation with a service like http://ssllabs.com 

The PEM File for the Tomcat service as well as the text stuff you Copy&Paste into Hipchat should look like this:

---CERTIFICATE---
Your Server Cert
---CERTIFICATE---
---CERTIFICATE---
Your CA Provided Intermediate Cert
---CERTIFICATE---
---PRIVATE KEY---
The key for your Cert
---PRIVATE KEY---

 

Many greetings

Robert

Reply
0 votes
Ben Floyd
Ben Floyd October 23, 2015

Just to add to what Robert and Peter have mentioned, to validate that you might be having the same problem:

If you watch the requests when clicking "Connect HipChat", you'll see a 404 request, or some other bad request. If you attempt that GET request in a browser directly, you will see this message embedded in the exception message:

"unable to find valid certification path to requested target"

If you see this, you're on the right track following their advice.

Reply
0 votes
Brandon Blackmo
Brandon Blackmoor June 5, 2015

Configuration:

  • HipChat Server OVA, accessed over ssl, certificate provided by Thawte
  • Confluence and Jira running in a second (Ubuntu) server, not running behind ssl, but with all certificates imported into their respective keystores
  • Apache acting as ssl proxy for Confluence and JIRA on the second server, and all certificates included in the pem file being used by Apache
  • All relevant ports open between these two servers (one can ssh to one and access ports 80 and 443 on the other), and the HipChat server is accessible to the internet

When I go to "HipChat Integration" in Confluence and enter the FQDN for out HipChat server (https://hipchat.ourcompanyintranetdomain.com << not the real FQDN) and click "Connect HipChat", Confluence says "We couldn't reach your server". There is no record or this error in /var/atlassian/application-data/confluence/logs/atlassian-confluence.log – no record of it at all.

We are currently using an evaluation license (invoice and payment is pending). Is this functionality disabled under an evaluation license?

Reply
0 votes
Esser Emmerik
Esser Emmerik March 25, 2015

Robert, 

Thanks for your comment, this is the solution indeed. JIRA or Confluence can still run on http though, so that is perfect. I even had to add more certificates (I use Comodo Positive SSL), so this was my setup that is working:

---CERTIFICATE---
Your Server Cert
---CERTIFICATE---
---CERTIFICATE---
In my case the COMODORSADomainValidationSecureServerCA.cert
---CERTIFICATE---
---CERTIFICATE---
In my case the COMODORSAAddTrustCA.cert
---CERTIFICATE---
---PRIVATE KEY---
The key for your Cert
---PRIVATE KEY---
The first try was only with the COMODORSADomainValidationSecureServerCA certificate and http://ssllabs.com gave the A- classification, but in the path 2 I still saw one "download" action. After adding the second certificate it was still A- but there where no "download" actions in the paths. If it is all "sent by server", you are setup! 

Good luck everyone.

Peter

Reply
0 votes
Esser Emmerik
Esser Emmerik March 25, 2015

For me the same, both Confluence and JIRA run on non-ssl instances, while Hipchat is with a CA certificate running. If JIRA and Confluence SSL setup was just as easy as Hipchat, I would test that but it looks like a lot of work comparing to Hipchat. And I'm guessing the non-SSL -> SSL connection is not working.

Hope they have a solution soon. Perhaps @Will DeHaan?

Peter

Reply
0 votes
Robert Boehme
Robert Boehme March 11, 2015

Hi Paul

Just to jump in i almost have the exact same setup and the exact same issue. For me it is Confluence and HipChat deployed from the OVA. Both connected with their own IPs to the internet. Capable of talking to each other (you can SSH into the Confluence box and open up the HipChat WebSite successfully) but still the plugin gives me: "We couldn't reach your server". 

Any ideas would be great :-/

Greetings

Robert

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events