Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

root certificate is showing not trusted even after updating the certificate in the server

ramani_chandran
ramani_chandran
Contributor
May 21, 2018

the certificate is a SAN certificate and it is uploaded in the keystore configured at Djavax.net.ssl.trustStore=/path/to/keystore and also i have imported in the system-wide keystore also in $JAVA_HOME/jre/lib/security/cacerts.Then i restarted the server,even then it was not working,showing the error like the root certificate is not in the trusted root authorities store. 

Answer
Watch
Like Be the first to like this
1322 views

1 answer

0 votes
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 25, 2018

Could you try to follow the steps in Unable to Connect to SSL Services due to PKIX Path Building Failed?   I'm not sure you're seeing that specific error here yet or not, but I'd like you to try to use the SSLpoke utility listed there to try to connect to this same SSL service from the server running Jira.  I'm interested to see what results you get back.

Did you follow the steps listed in Connecting to SSL services?  I am interested to learn more about your specific problem and the steps you have taken so far here.

View More Comments
ramani_chandran
ramani_chandran
Contributor
May 28, 2018

Thanks for your reply on this issue Andrew..

I have tried the Connecting to SSL services article and imported the certificates and restarted the application,still the error did not get resolved.

But when asking the jira support team about the sslpoke test,they told that from the logs which i have sent,it is not required to run the sslpoke.

But now i wish to try that too to see the connectivity issue.kindly help me in installing that sslpoke class file,actually i tried by entering the download url in the server but it gave connection timed out error.

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 30, 2018

I'm not sure why you might not be able to download that file, but I posted it to my google share drive as well, you should also be able to download this class file from this link:

https://drive.google.com/file/d/1X5eobuFPDPk6pJwr2xKYQ9FGiFt4Pkqu/view?usp=sharing

I would recommend that you try to run that utility directly on the Jira Server first, and do so from the Java installation directory that Jira is using to start up.   If you have defined a $JAVA_HOME variable on your system this can help make it more clear exactly where Java is installed, which java Jira is using, and set a standard location of the keystore.   If you have not done this yet, I would recommend doing so per the steps in Installing Java

This way when you test with sslpoke utility, it can then use the same keystore Jira is using.  This will help us better understand if the problem is with the certificates in the keystore, or something else.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.