Continuing the topic:

Where are you terminating SSL? Apache or Tomcat?

Actually SSL is being terminated before application server, so the problem most likely is: JIRA addresses Confluence signing request with trusted certificate, but nor apache, nor confluence can't decript it, because they don't have private key for this cert.

So the solution for our intranet users would be http applink, but users from outside local network will recieve an error, mentioned earlier by Alex.

I'm currently looking for the way to route requests from both applications, stationed on same server as external request to pass through server, that terminates SSL,Some bright ideas on how to do it, or maybe better options on how to solve this problem?

Sounds like a certificate validation issue. Do both your applications have the same SSL certificate or does each one present a different self signed certificate? If the latter is the case each will reject the other because they don't match.

Just re-reading your original post I have a question. Where are you terminating SSL? Apache or Tomcat? The point of using Apache to reverse-proxy in front is then you don't need to access the applications on different ports. You should be using proxypass and proxypass-reverse to get traffic to/from the tomcat instances and the client on the Apache port (80/443). It should also terminate the SSL presenting one certificate for the server. If all three are on the same machine you can argue that SSL between Apache and Tomcat is redundant.

I have faced the same problem. The cause is the firewall issue. Once you release the firewall on JIRA side, you might not face the same problem. Or you open the JIRA port in the firewall setup for inbound rule.

Hello Janet.

does the user that click on the JIRA link has user account in JIRA instance ?

yes, jira and confluence has the same users - they are from ActiveDirectory

does the integration works with Trusted Application created using http://localhost:port_number instead of using the DNS

does the integration works if you use HTTP connection instead of HTTPS connection ?

no, I've tried local addresses on HTTP -result of jira issues macro is "The jira server was not able to process the search. This may indicate a problem with the syntax of this macro. Alternatively, if this macro is requesting specific issue keys, you may not have permissions to wiew one of these issues."

jira issue macro works the same way: When user clicks jira link (jira-issue) - jira shows login page (instead of auto login as Trusted Application)

Probably this is linked problem: the same user can't be logged the same time in both jira and confluence:

user logins into jira, then in new tab logins into confluence, if user returns to jira - application says "You not logged in", after login in jira, goes to confluence tab - application says "You not logged in".

Hi Alex,

Just a quick question here.

1) When user clicks jira link (jira-issue) - jira shows login page (instead of auto login as Trusted Application)

does the user that click on the JIRA link has user account in JIRA instance ?

2) jira-issues marco show 'The host did not accept the connection within timeout of 10000 ms'

Since JIRA and Confluence running in the same host:

• does the integration works with Trusted Application created using http://localhost:port_number instead of using the DNS
• does the integration works if you use HTTP connection instead of HTTPS connection ?

If you decided to keep using any of the connection, make sure to Edit the Display URL in the Application Link.