ssl.SSLCertVerificationError

Rajaiah Kanthala November 19, 2019

Hi, I am getting the following error when I am connecting to JIRA through the API,

but my other employee is able to connect and get the data.

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

1 answer

0 votes
Dario B
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 21, 2019

Hello @Rajaiah Kanthala ,

Welcome to the Atlassian Community!

Can you kindly try to call the same REST API endpoint using curl and paste the output here (removing the sensitive data), as in the example below?

 

curl -v -u <EMAIL-ADDRESS>:<API-TOKEN> https://<NAME>.atlassian.net/rest/api/3/project/search


*   Trying 52.215.xxx.xxx...
* TCP_NODELAY set
* Connected to XXXXXXX.atlassian.net (52.215.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Atlassian Network Services, Inc.; CN=*.atlassian.net
*  start date: Oct  6 00:00:00 2017 GMT
*  expire date: Dec 20 12:00:00 2019 GMT
*  subjectAltName: host "XXXXXXXX.atlassian.net" matched cert's "*.atlassian.net"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'XXXXXXXX@atlassian.com'
* Using Stream ID: 1 (easy handle 0x561649afd580)

> GET /rest/api/3/project/search HTTP/2
> Host: XXXXXXXX.atlassian.net
> Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> User-Agent: curl/7.58.0
> Accept: */*


* Connection state changed (MAX_CONCURRENT_STREAMS updated)!

< HTTP/2 200 
< server: AtlassianProxy/1.15.8.1
< vary: Accept-Encoding
< cache-control: no-cache, no-store, no-transform
< content-type: application/json;charset=UTF-8
< strict-transport-security: max-age=315360000; includeSubDomains; preload
< date: Thu, 21 Nov 2019 10:58:09 GMT
< atl-traceid: XXXXXXXXXXXX
< x-aaccountid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
< x-arequestid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
< x-xss-protection: 1; mode=block
< timing-allow-origin: *
< x-content-type-options: nosniff
< set-cookie: atlassian.xsrf.token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/; Secure

 

{

  "self": "https://XXXXXXXX.atlassian.net/rest/api/3/project/search?maxResults=50&startAt=0",
  "maxResults": 50,
  "startAt": 0,
  "total": 9,
  "isLast": true,
  "...": "..."
  ....

}

 

Please replace:

Run the above command and paste the output (remove the sensitive data like above) in your reply.

 

Cheers,
Dario

Rajaiah Kanthala November 24, 2019

C:\>curl -v -u email:xxxxxxxxxxxx https://name.atlassian.net/rest/api/3/project/search

*   Trying 18.234.32.175:443...
* TCP_NODELAY set
* Connected to name.atlassian.net (18.234.32.175) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Dario B
Atlassian Team
November 26, 2019

Hi @Rajaiah Kanthala ,

The possible ways to fix this error are listed in the link you got in the error message returned by curl:

 

In this specific case, point 5 could be the best solution since it looks like you are missing the needed certificate in your CA bundle:

5. Get a better/different/newer CA cert bundle! One option is to extract the one a recent Firefox browser uses by running 'make ca-bundle' in the curl build tree root, or possibly download a version that was generated this way for you: CA Extract

 

P.S. I removed your API Token from your reply. Please revoke that one and generate a new one. 

 

Cheers,
Dario
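
The two curl transcripts in this thread differ in exactly the lines that decide this error: the CA bundle in use, the TLS alert, and the verify result. The following is an added example (not code from the thread or from Atlassian) that extracts those lines from `curl -v` output; the sample transcripts are constructed excerpts of the outputs posted above, and the function names are hypothetical.

```python
import re
# Constructed excerpts of the two `curl -v` transcripts posted in this thread.
WORKING = """\
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (IN), TLS handshake, Certificate (11):
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
"""
FAILING = """\
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
curl: (60) SSL certificate problem: unable to get local issuer certificate
"""

# One pattern per line of interest; curl prints CApath without a leading "*".
FIELDS = {
    "cafile": r"^\*?\s*CAfile:\s*(.+)$",
    "capath": r"^\*?\s*CApath:\s*(.+)$",
    "issuer": r"^\*\s*issuer:\s*(.+)$",
    "alert": r"TLS alert, (.+?) \(\d+\):",
    "problem": r"^\* SSL certificate problem:\s*(.+)$",
}

def parse_curl_verbose(text):
    """Extract the trust-store and verification lines from `curl -v` output."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[name] = m.group(1).strip() if m else None
    out["verified"] = "SSL certificate verify ok." in text
    return out

def diagnose(text):
    """Turn the parsed fields into a one-line finding for a ticket."""
    r = parse_curl_verbose(text)
    if r["verified"]:
        return f"chain verified against {r['cafile']} (issuer: {r['issuer']})"
    if r["problem"] and "local issuer" in r["problem"]:
        return (f"issuer of the presented chain not found in {r['cafile']} "
                f"(CApath: {r['capath']}); client sent alert '{r['alert']}'")
    return "no certificate verdict found in transcript"

if __name__ == "__main__":
    for label, transcript in (("working", WORKING), ("failing", FAILING)):
        print(label, "->", diagnose(transcript))
```

In the failing transcript the client aborts right after the server's Certificate message, so the finding points at the client's CA bundle rather than at the credentials or the endpoint.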
