The {rss}, {jiraissues} or {html-include} macros fail when retrieving data from SSL (https) serversConfluence is deployed on Linux, and pages containing these macros fail to load, or load very slowlyIf Confluence is deployed on Linux, and you experience time-outs or slow page loads when accessing pages that cuase SSL-protected resources to be loaded, it could be because Linux is not generating secure random numbers fast enough, and Java is blocking waiting for more to be generated. If this is the problem, apply the following fix:
More information is available here: CONF-2848. (You could also install dedicated cryptographic hardware into your server that guarantees fast secure random number generation, but that might be overkill Confluence does not accept the authority of the server's signing certificateIf Confluence is displaying or logging errors related to not being able to verify the certificate of an SSL/https server, then it may be that the SSL server certificates are not signed by an authority recognised by Confluence's Java environment. In this event you will need to add the signing authority of the server's SSL certificate to Java's store of trusted signers. You can find further instructions here: Troubleshooting this issueA sample stacktrace from a thread dump will look like this: "Thread-3693" daemon prio=1 tid=0x081943b8 nid=0x618d runnable [0x94a7e000..0x94a7ef60] at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:129) at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293) at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723) - locked <0xbb360dc8> (a java.lang.Object) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:680) at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75) - locked <0xbb360e80> (a com.sun.net.ssl.internal.ssl.AppInputStream) at java.io.BufferedInputStream.fill(BufferedInputStream.java:218) at java.io.BufferedInputStream.read1(BufferedInputStream.java:256) at java.io.BufferedInputStream.read(BufferedInputStream.java:313) - locked <0xbb360e98> (a java.io.BufferedInputStream) at com.sun.jndi.ldap.Connection.run(Connection.java:784) at java.lang.Thread.run(Thread.java:595) |
)
Comments (2)
Mar 21, 2007
Matt Shepherd says:
It may be helpful to mention information related to keytool and cacerts with reg...It may be helpful to mention information related to keytool and cacerts with regards to the second heading (Confluence does not accept the authority of the server's signing certificate).
An example of such information can be found here:
http://www.hp.com/products1/unix/java/infolibrary/install_verisign.html
Or am I offbase here?
May 03, 2007
David Chui says:
Thank you for sharing with us the resource. You're not off-base. However, we do ...Thank you for sharing with us the resource. You're not off-base. However, we do have a similar document. Despite the document is parked under the JIRA space, it can be "adapted" to Confluence.
Regards,
David
Add Comment