I recently installed jira 6.2.5 and added https support following the steps described here. The site seemed to be working fine (can log, and work), but the catalina.out log file is flooded with this kind of entries:
httpclient-io:thread-2 ERROR anonymous [http.nio.protocol.HttpAsyncRequestExecutor] http-outgoing-2 [CLOSED] HTTP protocol exception: null
at sun.nio.ch.SocketChannelImpl.ensureReadOpen(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Once it starts it nevers stops, and keeps flooding the log till is GBs of size. I have to stop the service and delete the log. When I restart the service the same entries start to flood again the log.Before the flooding starts I have this entries in the log:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I thought i had a problem with the certificate ( It is self signed). I found in internet that when using a self signed certificate I had to make sure of two things:
But I still get the same errors. Any idea of how I could fix/troubleshoot this issue?
I guess I have done something wrong when integrating apache + ssl + Jira but I cannot figure out where is the error. Any idea os how to solve this issue, or how to troubleshoot it more effectively?
The exception you have pasted is addressed by the article below:
Could you please check if the steps provided in the document above help to resolve these errors?
I 'd like to try the method described in the link you provided, but I am stuck at step one: importing the certs into the java keystore. I went to this section:
If you're unable to install Portecle on the server or prefer the command line please see ourCommand Line Installation section below.
But it leads me to a n EMPTY section !?
Please, could you clarify how could I import the certs using the CLI? I am conecting to a remote server with no X System whatsoever.
That's rather strange - the section should not be empty and I was also able to browse it accessing the link below:
I have copied the commands provided in that section below for your convenience. Please make sure to replace the JAVA_HOME for JIRA's JAVA_HOME path.
Command Line Installation
1. Fetch the certificate, replacing google.comwith the FQDN of the server JIRA is attempting to connect to:
$ openssl s_client -connect google.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt
2. Import the certificate:
<JAVA_HOME>/keytool -import -alias <server_name> -keystore <JAVA_HOME>/lib/security/cacerts -file public.crt
I tried the provided commands but now I am facing this error in the second step:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
Command I used:
Basically I got a problem when the previous command asks me for a passwd that I have no set. Since I do not remember to have generated a keytore (maybe the JAVA bundled with JIRA ships wth one?), I tried creating a new one using the info I found in this atlassian site Running Jira over SSl:
The I tried to run again the import command but I got the same error.
Could you help me with this one, please?
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG