SSL error with Bitbucket (v5.10.0)

Jonny Polivka
Contributor
October 21, 2018

Hello:

I have SSL enabled, but Chrome reports my connection is not private, listing "ERR_CERT_COMMON_NAME_INVALID". Searching on this yields lots of results but nothing that I'm able to use.

I followed the process outlined in the documents (https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html) with one exception... my CA gives instructions for importing a .pem file.

So when that didn't work, I started back from scratch and was able to find where to download root, intermediate and server certificate files and import root and intermediate .crt files. After rebooting the service, still the same error.

Over this weekend I've played more with various steps but never was able to get it correct; all browsers (Chrome, Firefox, Edge) report that the site is not private.

So I am at a loss as to what the issue is; any insight is welcomed.

 

bitbucket.properties

server.port=443
server.ssl.enabled=true
server.ssl.key-store=C:/cert/tomcat.keystore
server.ssl.key-store-password=<password>
server.ssl.key-alias=tomcat

 

 

2 answers

0 votes
Jonny Polivka
Contributor
October 23, 2018

After talking with our CA vendor support and searching online I've come to the conclusion that what I'm asking isn't realistic.  

The short is, I want Bitbucket users not to have to go through the rigmarole of trusting a self-signed cert for any Git client they use... plus not to have to do the same with our build automation for a system that is not exposed to the internet.

The forum thread below describes exactly what I want to accomplish and answers the question.  Spoiler alert... Not feasible. 

https://community.letsencrypt.org/t/ssl-certificate-for-a-internal-only-domain-thats-not-on-the-internet/27062

0 votes
Stephen Sifers
Atlassian Team
October 22, 2018

Hello Jonny,

Certificate setup with errors can be very frustrating to deal with.

The error you have is typically a browser error, more in line with Chrome not liking the certificate and possibly the intermediate certificate. If you are using GoDaddy, DigiCert, etc., then you need to ensure the intermediate certificate is imported into your keystore. Not having the intermediate certificate will cause issues with trusting the certificate chain.

To check to see if your keystore has the intermediate cert, run the following:

C:/JAVAPATH/keytool -list -v -keystore C:/cert/tomcat.keystore

Here is the Chrome KB for connection errors (ERR_CERT_COMMON_NAME_INVALID): https://support.google.com/chrome/answer/6098869?vid=0-1096065308212-1494386582244

We also have a KB that lists diagnosis tools that you can use to test connectivity: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html

I hope this helps in resolving your issue.

-Stephen Sifers
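
An added example, not written by either poster or by Atlassian: it reads the text that `keytool -list -v` prints and reports whether the `tomcat` entry carries an intermediate certificate and whether any SubjectAlternativeName DNS entry covers the hostname clients connect to, which is the name check behind ERR_CERT_COMMON_NAME_INVALID. The sample output, the hostnames and the function names are constructed assumptions, and the parser assumes keytool's usual English output layout.

```python
import re

# Constructed sample of `keytool -list -v` output (assumed layout; not from the thread).
SAMPLE = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bitbucket, O=Example Corp, C=US
Issuer: CN=Example Issuing CA, O=Example Corp, C=US
SubjectAlternativeName [
  DNSName: bitbucket.example.internal
]
"""

def parse_entry(text, alias):
    """Entry type, chain length, leaf owner/issuer and leaf SAN DNS names for one alias."""
    blocks = re.split(r"(?m)^(?=Alias name: )", text)
    head = re.compile(rf"Alias name: {re.escape(alias)}\s*$", re.M)
    block = next((b for b in blocks if head.match(b)), None)
    if block is None:
        return None
    leaf = re.split(r"(?m)^Certificate\[2\]:", block)[0]  # names come from the leaf only
    def field(name, src):
        m = re.search(rf"(?m)^{name}: (.+)$", src)
        return m.group(1).strip() if m else None
    return {"entry_type": field("Entry type", block),
            "chain_length": int(field("Certificate chain length", block) or 0),
            "owner": field("Owner", leaf), "issuer": field("Issuer", leaf),
            "san_dns": re.findall(r"(?m)^\s*DNSName: (\S+)", leaf)}

def name_matches(host, pattern):
    """Exact match, or one left-most wildcard label such as *.example.internal."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def diagnose(text, alias, host):
    """List the problems this keystore entry would cause for clients connecting to host."""
    e = parse_entry(text, alias)
    if e is None:
        return [f"alias '{alias}' not found"]
    findings = []
    # A leaf that is not self-signed needs its issuer(s) in the same chain.
    if e["chain_length"] < 2 and e["owner"] != e["issuer"]:
        findings.append("intermediate certificate missing from chain")
    if not any(name_matches(host, n) for n in e["san_dns"]):
        findings.append(f"no SAN DNSName covers '{host}'")
    return findings
```

To use it on a real keystore, pass the captured output of the `keytool -list -v` command above as `text` and the exact hostname from the browser's address bar as `host`.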
