logs flooded with ssl errors

Hello

I recently installed jira 6.2.5 and added https support following the steps described here. The site seemed to be working fine (can log, and work), but the catalina.out log file is flooded with this kind of entries:

httpclient-io:thread-2 ERROR anonymous [http.nio.protocol.HttpAsyncRequestExecutor] http-outgoing-2 [CLOSED] HTTP protocol exception: null

java.nio.channels.ClosedChannelException

at sun.nio.ch.SocketChannelImpl.ensureReadOpen(Unknown Source)

at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

at org.apache.http.nio.reactor.ssl.SSLIOSession.receiveEncryptedData(SSLIOSession.java:340)

at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:366)

at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118)

at org.apache.http.impl.nio.reactor.BaseIOReactor.validate(BaseIOReactor.java:220)

at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:284)

at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)

at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604)

at java.lang.Thread.run(Unknown Source)

Once it starts it nevers stops, and keeps flooding the log till is GBs of size. I have to stop the service and delete the log. When I restart the service the same entries start to flood again the log.Before the flooding starts I have this entries in the log:

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

...

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I thought i had a problem with the certificate ( It is self signed). I found in internet that when using a self signed certificate I had to make sure of two things:

  • making sure the certificate common name matched the domain name (it does).
  • Add the certificate to the list of trusted certificates. I did this using installCert:

http://code.google.com/p/java-use-examples/source/browse/trunk/src/com/aw/ad/util/InstallCert.java

But I still get the same errors. Any idea of how I could fix/troubleshoot this issue?

I guess I have done something wrong when integrating apache + ssl + Jira but I cannot figure out where is the error. Any idea os how to solve this issue, or how to troubleshoot it more effectively?

1 answer

1 accepted

0 vote

Hi Jocar,

The exception you have pasted is addressed by the article below:

Could you please check if the steps provided in the document above help to resolve these errors?

Cheers,

Danilo

Hello Danilo,

I 'd like to try the method described in the link you provided, but I am stuck at step one: importing the certs into the java keystore. I went to this section:

If you're unable to install Portecle on the server or prefer the command line please see ourCommand Line Installation section below.

But it leads me to a n EMPTY section !?

Please, could you clarify how could I import the certs using the CLI? I am conecting to a remote server with no X System whatsoever.

Hi Jocar,

That's rather strange - the section should not be empty and I was also able to browse it accessing the link below:

https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services#ConnectingtoSSLservices-commandline

I have copied the commands provided in that section below for your convenience. Please make sure to replace the JAVA_HOME for JIRA's JAVA_HOME path.

Cheers,

Danilo

----

Command Line Installation

1. Fetch the certificate, replacing google.comwith the FQDN of the server JIRA is attempting to connect to:

$ openssl s_client -connect google.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

2. Import the certificate:

<JAVA_HOME>/keytool -import -alias <server_name> -keystore <JAVA_HOME>/lib/security/cacerts -file public.crt

Hi Danilo,

I tried the provided commands but now I am facing this error in the second step:

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Command I used:

/opt/atlassian/jira/jre/bin/keytool-import-aliasmyserver.com-keystore /opt/atlassian/jira/jre/lib/security/cacerts-file /etc/pki/tls/certs/myserver.com.crt

Basically I got a problem when the previous command asks me for a passwd that I have no set. Since I do not remember to have generated a keytore (maybe the JAVA bundled with JIRA ships wth one?), I tried creating a new one using the info I found in this atlassian site Running Jira over SSl:

keytool -genkey -alias myserver.com -keyalg RSA -keystore /opt/atlassian/jira/jre/bin/myserver.com.jks

The I tried to run again the import command but I got the same error.

Could you help me with this one, please?

Thank you very much. I followed those steps and so far no more SSLEngine errors :)

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

78 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you