Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSL setup of application links

JUS
JUS November 8, 2019

we got while setting up app links between confluence-jira and vice versa error: "<link> may be using a self-signed SSL certificate or a certificate that was issued by a certificate authority that isn't known locally."

we checked following:

  • a wild card cert (*.xyz.com) incl. ca-chain was installed in jre keystore's for jira.xyz.com:8443 (jira sw) and jcon.xyz.com:8444 (Jira confluence)
  • both server.xml were configured to point to built in jre keystore (above)
  • SSLPoke from jira->confluence and vice versa, e.g. by
    java -Djavax.net.ssl.trustStore=/opt/atlassian/jira/jira.jks SSLPoke jira.xyz.com 8443
    shows
    Successfully connected
  • no SSL errors shown in logs/catalina.out

Are there any other checks, we can execute to test SSL connection?

Many thanks

Jens-Uwe

Answer
Watch
Like Be the first to like this
1750 views

2 answers

2 accepted

0 votes
Answer accepted
Anurag Jalan
Anurag Jalan
Contributor
November 10, 2019

Hi @JUS ,

You will need to import JIRA SSL Certificate in Confluence JAVA Truststore called cacerts usually located at path <installation directory>/jre/lib/security. 

Similarly import Confluence SSL Certificate in JIRA JAVA Truststore called cacerts again.

After that, restart both services & try to establish Application Link again (make sure you are system admin on both).

I had similar issue in past. Following above steps resolved the issue. It is about JAVA of each application trusting other's connection.

View More Comments
JUS
JUS November 11, 2019

Thanks, after fixing the cert issue (complete CA chain added,see above), app links are established now correctly on both sides.

Jens-Uwe

Like
Reply
0 votes
Answer accepted
Alexis Robert
Alexis Robert
Community Champion
November 10, 2019

Hi @JUS , 

 

from the error message, I'd say that it's something to do with an intermediate or root certificate, are you sure that you imported the proper root CA in the keystore ? I usually point to this doc for this : https://confluence.atlassian.com/kb/how-to-import-a-public-ssl-certificate-into-a-jvm-867025849.html

If you don't need SSL for your application links, I would suggest configuring a separate connector in server.xml just for this connection : https://confluence.atlassian.com/kb/how-to-bypass-a-reverse-proxy-or-ssl-in-application-links-719095724.html

 

Let me know if this helps, 

 

--Alexis

View More Comments
JUS
JUS November 11, 2019

Indeed after in depth investigation, the previously imported cert missed the cert chain. Including the complete chain into pkcs12 and re-importing into keystore solved the problem. many thanks, Jens-Uwe

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.