To establish connections it is some times necessary to sen the truststore to the remote server to identify the sender. This is done in iHub by toggle the Certificate select list and choosing one of the following;
TLS (one-way)
Mutual TLS (two-way)
Enabling one-way TLS
If the remote server requires the certificate to be sent with the call then you need to import it into the keystore used by the JVM that Jira uses. This is usually /opt/atlassian/jira/jre/lib/security/cacerts
Import the remote servers cert file into the keystore, this is called the truststore and enables iHub to trust the cert.
Import is done using keytool, example command
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore cacerts
If the cert is not in the truststore you will gen an error like below:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Require the client to identify itself (two-way TLS)
This will force the client to identify itself, and in that way, the server can also validate the identity of the client and whether or not it is a trusted one.
The server is also not aware of the newly created truststore. Therefore, import the Jira cert into the servers truststore.
Guide for SSL cert imports
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html