I just installed a clean JIRA 4.1.2 (WAR/EAR) on a test server and want to connect it to my Crowd server (2.0.7) to authenticate users. I've added the IP for the new JIRA instance into my Crowd and the authentication test seems to work. I updated my JIRA server.xml file to include my SSL certs, but when I try to log in with the account I know works at least locally, I get the following in the logs:

Error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Note: My Crowd server and current production JIRA both have SSL working. It appears that my new JIRA instance is not correctly configured to talk to Crowd's SSL setup, but I can't figure out what I need to change to get it to work. I didn't setup the current systems.

Server.xml (the trustPass is empty by design)

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
MaxThread="150" scheme="https" secure="true"
keystoreFile="/etc/pki/tls/certs/jira1.jks"
keystorePass="jira"
trustStoreFile="/etc/pki/tls/certs/trust.jks"
truststorePass=""
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

osuser.xml

I commented out the second <provider class> section and uncommented the first section

crowd.properties

added the application.name as it is identified in Crowd for this server
added the application.password as the one identified by my keystorePass
updated the application.login.url to https://servername:8443/jira

crowd.server.url is set to my production server's Crowd instance URL

seraph-config.xml

I did not modify this file because I wanted to be able to use both Jira's internal user management and Crowd's user management. However, I can't login with the local JIRA user either.