Jira running under SSL; page will not load

Norma Seddon November 1, 2019

Hello, I have configured our Jira test server to use SSL by following the instructions on this site, https://confluence.atlassian.com/display/JIRA044/Running+JIRA+over+SSL+or+HTTPS?_ga=2.114822919.1420190195.1571617781-1064801266.1516068131#RunningJIRAoverSSLorHTTPS-ImportCertificateIntoTheTruststore. The service starts and I can load JIRA under http but not HTTPS. I get the error "The site can't be reached". In the catalina log I see the errors below. We are not using ARP as far as I can tell.

01-Nov-2019 12:44:36.368 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]

org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]

I thought it was something with the certificates but it wasn't working when I added the certificate parameters from the troubleshooting section of the above link.

I thought it was because of the web.config file so I added in the parameters below but then http would not load either. The service started fine, other than the https error mentioned above.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>all-except-attachments</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.jspa</url-pattern>
    <url-pattern>/browse/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Has anyone else run into the issue where the service starts but the page will not load and it fails to initialize port 8443?

2 answers

1 accepted

0 votes
Answer accepted
Norma Seddon November 4, 2019

Hello,

The slashes didn't seem to make a difference, although it did give me different error messages, which led me to believe I could not use the Java default keystore cacerts, and I don't think I was using the correct certificate.

I went back and read the instructions again from here, https://confluence.atlassian.com/display/JIRA044/Running+JIRA+over+SSL+or+HTTPS?_ga=2.114822919.1420190195.1571617781-1064801266.1516068131#RunningJIRAoverSSLorHTTPS-RedirectingCertainPagesToHTTPS. I have it working and below are the steps I followed.

I generated a key using the command below

C:\Program Files\Atlassian\JIRA\jre\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
What is your first and last name?
[Unknown]: enter server [FQDN]
What is the name of your organizational unit?
[Unknown]: [this is not an AD OU, you can enter anything]
What is the name of your organization?
[Unknown]: [enter your company name]
What is the name of your City or Locality?
[Unknown]: [city]
What is the name of your State or Province?
[Unknown]: [province/state]
What is the two-letter country code for this unit?
[Unknown]: [country code]
Is CN=[FQDN hostname], OU=[OU from above], O=[company], L=[city], ST=[province/state], C=[country] correct?
[no]: y

Enter key password for <tomcat>
(RETURN if same as keystore password):

Converted the key to pkcs12 using the command below

C:\Program Files\Atlassian\JIRA\jre\bin>keytool -importkeystore -srckeystore C:\Users\[username]\.keystore -destkeystore C:\Users\[username]\.keystore -deststoretype pkcs12

Copied that keystore to [JAVA_HOME]/lib\security

updated the server.xml file for the https connector.  I had to the bolded items.

<Connector port="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\PROGRA~1\ATLASS~1\JIRA\jre\lib\security\.keystore" />

Started the service and it worked.

next steps are to get the addins working under ssl and setup sldap.
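
A check for the connector problems this thread works through (no keystoreFile, the cacerts truststore used as a keystore, a keystoreType of "cer"), as an added example that is not part of the original posts or of Atlassian's documentation. The function name check_ssl_connectors and the sample server.xml are constructed for illustration.

```python
import ntpath
import os
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread: 8443 has no keystore attributes,
# 8444 repeats the commented-out attempt (lower-case names, cacerts, type "cer").
SAMPLE_SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"/>
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             keystorefile="C:\Program Files\Atlassian\JIRA\jre\lib\security\cacerts"
             keystorepass="password" keystoreType="cer"/>
</Service></Server>
"""

DOCUMENTED = ("keystoreFile", "keystorePass", "keystoreType")
STORE_TYPES = {"JKS", "PKCS12"}  # assumption: the two formats keytool is used with here

def check_ssl_connectors(server_xml, file_exists=os.path.isfile):
    """Return {port: [findings]} for each Connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        findings = []
        by_lower = {k.lower(): (k, v) for k, v in conn.attrib.items()}
        value = {}
        for want in DOCUMENTED:
            name, val = by_lower.get(want.lower(), (want, None))
            value[want] = val
            if name != want:  # Tomcat matches attribute names case-sensitively
                findings.append(f"{name}: use documented spelling {want}")
        path = value["keystoreFile"]
        if path is None:
            findings.append("no keystoreFile: default is .keystore in the service user's home")
        elif ntpath.basename(path).lower() == "cacerts":
            findings.append("keystoreFile is the JRE truststore (no server private key)")
        elif not file_exists(path):
            findings.append(f"keystoreFile not found: {path}")
        if value["keystorePass"] is None:
            findings.append("no keystorePass: Tomcat assumes the default 'changeit'")
        ktype = value["keystoreType"]
        if ktype is not None and ktype.upper() not in STORE_TYPES:
            findings.append(f"keystoreType {ktype!r} is not JKS or PKCS12")
        report[conn.get("port")] = findings
    return report
```

Run it against the real conf/server.xml on the Jira host by passing the file's contents; the default file_exists then checks the keystore path on that machine.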

0 votes
Jimmy Seddon
Community Champion
November 1, 2019

Hi @Norma Seddon,

Welcome to the Community!

Is there any more to the error message you are getting? Are you seeing something along the lines of:

Caused by: java.io.FileNotFoundException: /var/root/.keystore (No such file or directory)

We ran into the above error while trying to get SSL configured correctly on our BitBucket server.  While this article is for Confluence, I think the suggestion is still valid for Jira and worth taking a look at:

https://confluence.atlassian.com/confkb/ssl-connector-fails-to-initialize-during-tomcat-startup-646251490.html

I hope that helps!

-Jimmy

Norma Seddon November 1, 2019

Hello,  

No, I don't. Below is a portion of the log file where the 8443 is mentioned. This is from the catalina log file.

01-Nov-2019 12:44:35.415 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [C:\Program Files\Atlassian\JIRA\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\oracle64\product\12.1.0\client_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;.]
01-Nov-2019 12:44:35.821 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
01-Nov-2019 12:44:35.821 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
01-Nov-2019 12:44:36.368 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:661)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
... 12 more
Caused by: java.lang.IllegalArgumentException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)

I don't see any errors in the atlassian-jira log file.

Norma Seddon November 1, 2019

I did try the keystore parameters as well but it is possible they were incorrect. I have them commented out for now but the values I had are below. I changed the file names just for the post.

<!-- KeyAlias="tomcat" SSLCertificateFile="C:\Program Files\Atlassian\JIRA\jre\lib\security\Generatedcertfile.cer"  keystorefile="C:\Program Files\Atlassian\JIRA\jre\lib\security\cacerts" keystorepass="password" --> <!-- keystoreType="cer"-->

Jimmy Seddon
Community Champion
November 1, 2019

Hey Norma,

Ok cool!  So your actual error is: "SSLHostConfig attribute certificateFile must be defined when using an SSL connector"

I feel like you need to use forward "/" slashes instead of back "\" slashes.  Any chance you can give that a try and see if that helps.

-Jimmy

Norma Seddon November 4, 2019

see answer
