After starting Bitbucket, bundled ElasticSearch service fails to start with: lengthTag=63, too big

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Data Center Only - This article only applies to Atlassian products on the data center platform.

Summary

After a Bitbucket restart, the code search does not work anymore.

Environment

  • Bitbucket 7.6.4
  • Bitbucket with bundled elasticsearch

Diagnosis

Elasticsearch logs (bitbucket_search.log) show the following error:

[2022-01-20T20:06:51,900][ERROR][o.e.b.Bootstrap          ] [bitbucket_bundled]Exception
org.elasticsearch.common.ssl.SslConfigException: failed to initialize a TrustManager for the system keystore
    at org.elasticsearch.common.ssl.DefaultJdkTrustConfig.createTrustManager(DefaultJdkTrustConfig.java:70) ~[?:?]
    at org.elasticsearch.common.ssl.SslConfiguration.createSslContext(SslConfiguration.java:136) ~[?:?]

Caused by: java.security.KeyStoreException: problem accessing trust store
    at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:73) ~[?:?]
    at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:278) ~[?:?]
    at org.elasticsearch.common.ssl.KeyStoreUtil.createTrustManager(KeyStoreUtil.java:151) ~[?:?]
    at org.elasticsearch.common.ssl.DefaultJdkTrustConfig.createTrustManager(DefaultJdkTrustConfig.java:68) ~[?:?]
    ... 24 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=63, too big.

The same error may be present in Bitbucket, although the application starts as usual.

Cause

There is a similar error outlined in the Java Certificate Issue - IOException: DerInputStream.getLength(): lengthTag=109, too big article which points to a misconfiguration in the keystore.
This error could also be related due to a misconfiguration with SSL parameters in bitbucket.properties file. 

Solution

  1. Follow the article above and fix any issues that you may have with keystore.
  2. Review Bitbucket SSL configuration and make sure it follows the recommendation from the Secure Bitbucket with Tomcat using SSL document.

Last modified on Jan 28, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.