Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

ssl.SSLCertVerificationError

Hi i am getting following error when i am coonecting JIRA hrough API

but my other employee able to connect and get the data.

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

1 answer

0 votes

Hello @Rajaiah Kanthala ,

Welcome to the Atlassian Community!

Can you kindly try to call the same REST API endpoint using Curl and paste the output in here (removing the sensitive data) like in below example?

 

curl -v -u <EMAIL-ADDRESS>:<API-TOKEN> https://<NAME>.atlassian.net/rest/api/3/project/search


*   Trying 52.215.xxx.xxx...
* TCP_NODELAY set
* Connected to XXXXXXX.atlassian.net (52.215.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Atlassian Network Services, Inc.; CN=*.atlassian.net
*  start date: Oct  6 00:00:00 2017 GMT
*  expire date: Dec 20 12:00:00 2019 GMT
*  subjectAltName: host "XXXXXXXX.atlassian.net" matched cert's "*.atlassian.net"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Server auth using Basic with user 'XXXXXXXX@atlassian.com'
* Using Stream ID: 1 (easy handle 0x561649afd580)

> GET /rest/api/3/project/search HTTP/2
> Host: XXXXXXXX.atlassian.net
> Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> User-Agent: curl/7.58.0
> Accept: */*


* Connection state changed (MAX_CONCURRENT_STREAMS updated)!

< HTTP/2 200 
< server: AtlassianProxy/1.15.8.1
< vary: Accept-Encoding
< cache-control: no-cache, no-store, no-transform
< content-type: application/json;charset=UTF-8
< strict-transport-security: max-age=315360000; includeSubDomains; preload
< date: Thu, 21 Nov 2019 10:58:09 GMT
< atl-traceid: XXXXXXXXXXXX
< x-aaccountid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
< x-arequestid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
< x-xss-protection: 1; mode=block
< timing-allow-origin: *
< x-content-type-options: nosniff
< set-cookie: atlassian.xsrf.token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/; Secure

 

{

  "self": "https://XXXXXXXX.atlassian.net/rest/api/3/project/search?maxResults=50&startAt=0",
  "maxResults": 50,
  "startAt": 0,
  "total": 9,
  "isLast": true,
  "...": "..."
  ....

}

 

Please replace:

Run above command and paste the output (remove the sensitive data like above) in your reply.

 

Cheers,
Dario

C:\>curl -v -u email:xxxxxxxxxxxx https://name.atlassian.net/rest/api/3/project/search

*   Trying 18.234.32.175:443...

* TCP_NODELAY set

* Connected to name.atlassian.net (18.234.32.175) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

  CApath: none

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

* TLSv1.3 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (OUT), TLS alert, unknown CA (560):

* SSL certificate problem: unable to get local issuer certificate

* Closing connection 0

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here: https://curl.haxx.se/docs/sslcerts.html

 

curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, please visit the web page mentioned above.

Hi @Rajaiah Kanthala ,

The possible ways to fix this error are listed in the link you got in the error message returned by curl:

 

In this specific case, point 5 could be the best solution since it looks like you are missing the needed certificate in your CA bundle:

5. Get a better/different/newer CA cert bundle! One option is to extract the one a recent Firefox browser uses by running 'make ca-bundle' in the curl build tree root, or possibly download a version that was generated this way for you: CA Extract

 

P.S. I removed your API Token from your reply. Please revoke that one and generate a new one. 

 

Cheers,
Dario

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you