TLS and Certificates
To establish connections it is some times necessary to sen the truststore to the remote server to identify the sender. This is done in iHub by toggle the Certificate select list and choosing one of the following;
TLS (one-way)
Mutual TLS (two-way)
Â
Enabling one-way TLS
If the remote server requires the certificate to be sent with the call then you need to import it into the keystore used by the JVM that Jira uses. This is usually /opt/atlassian/jira/jre/lib/security/cacerts
Import the remote servers cert file into the keystore, this is called the truststore and enables iHub to trust the cert.
Import is done using keytool, example command
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore cacerts
If the cert is not in the truststore you will gen an error like below:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Require the client to identify itself (two-way TLS)
This will force the client to identify itself, and in that way, the server can also validate the identity of the client and whether or not it is a trusted one.Â
Troubleshooting
Test that you get an OK connection using SSLPoke from Atlassian Unable to Connect to SSL Services Due to 'PKIX Path Building Failed' Error in Jira Datacenter and Server | Atlassian Support | Atlassian Documentation
Verify the cert is in the truststore
Go to Logging and profiling add a new log se.rixter with DEBUG as log level, execute an iHub action and check the logs.
Guide for SSL cert imports
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
https://knowledge.broadcom.com/external/article/136370/create-a-keystore-using-openssl.html