TLS Certificate & SSL Handshake

Integrations hub for Jira supports both one-way TLS and two-way TLS (also known as mutual TLS).

Enabling HTTPS on the server (one-way TLS)

When a remote server has one-way TLS enabled, iHub must have that server's certificate in its truststore. iHub sends requests using Java's default truststore.

Import the remote server's certificate into the Java truststore used by Jira, normally located at /opt/atlassian/jira/jre/lib/security/cacerts

Note that a restart of the Jira server is needed for the change to take effect.

Error returned when the Jira server does not have the remote cert in the truststore:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Example command to import the certificate into cacerts:

keytool -v -importcert -file server.cer -alias server -keystore /opt/atlassian/jira/jre/lib/security/cacerts -storepass changeit -noprompt
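Added example (not part of the iHub documentation): a shell wrapper around the import command above that compares the certificate's SHA-256 fingerprint with a value obtained out of band from the remote server's owner before adding it to the truststore, then confirms the alias is present. The function names and the KEYTOOL variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a certificate's fingerprint before trusting it.
# KEYTOOL defaults to the keytool on PATH; point it at the JRE that Jira uses.
KEYTOOL="${KEYTOOL:-keytool}"

# Normalise a fingerprint: drop colons and spaces, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of the first certificate in FILE (PEM or DER).
cert_sha256() {
    "$KEYTOOL" -printcert -file "$1" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_verified CERT ALIAS KEYSTORE STOREPASS EXPECTED_SHA256
# Imports CERT only when its fingerprint equals EXPECTED_SHA256, then checks
# that ALIAS can be listed. Returns non-zero on a mismatch, on an import
# failure (for example, the alias already exists) or if the alias is missing.
import_verified() {
    cert=$1 name=$2 store=$3 pass=$4 expected=$5
    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ] || [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
        echo "refusing import: fingerprint '$actual' does not match '$expected'" >&2
        return 1
    fi
    "$KEYTOOL" -importcert -file "$cert" -alias "$name" \
        -keystore "$store" -storepass "$pass" -noprompt >/dev/null 2>&1 || return 1
    "$KEYTOOL" -list -alias "$name" -keystore "$store" -storepass "$pass" >/dev/null 2>&1
}

# Direct use:
#   sh import_verified.sh server.cer server /path/to/cacerts changeit <sha256>
if [ "$#" -eq 5 ]; then
    import_verified "$@"
fi
```

A mismatch leaves the truststore untouched; Jira still needs a restart after a successful import.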

 

Require the client to identify itself (two-way TLS)

 

Error returned when the Jira server does not have the remote cert in the truststore:

I/O error on GET request for "https://localhost:8443/api/hello":Received fatal alert: bad_certificate; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate