Summary

When trying to run the Jira Cloud Migration Assistant (JCMA) or Confluence Cloud Migration Assistant (CCMA) to migrate from Server to Cloud, sometimes it fails with a HTTP 500 and the following message appears stating there are possible issues with the certificate:

2021-10-14 14:53:57,645-0400 http-nio-8080-exec-19 ERROR [c.a.j.web.servlet.InternalServerErrorServlet] {errorId=341133fb-ffa0-4326-825b-43d2928a09e5, interpretedMsg=, cause=com.atlassian.jira.migration.httpclient.exceptions.HttpCommunicationException: An error occurred when requesting against resource https://api-private.atlassian.com/migration/jira/sitedetails: Certificate for <api-private.atlassian.com> doesn't match any of the subject alternative names: [*.atlassian.net, atlassian.net]

Environment

This message applies for Jira Cloud Migration Assistant (JCMA) and Confluence Cloud Migration Assistant (CCMA).

• From Server to Cloud

Diagnosis

Other than allow-listing the IPs and domains mentioned in the document Pre-Checks - Update your Firewall Allowance Rules, below domains used by JCMA/CCMA require clients to use SNI (Server Name Indication) for proper SSL/TLS communication:

• https://api.media.atlassian.com
• https://api-private.atlassian.com
• https://marketplace.atlassian.com
• https://api.atlassian.com
• https://s3.us-west-2.amazonaws.com

Cause

Java 7 introduced support for SNI (Server Name Indication) and it comes enabled by default. For several reasons, some servers might have SNI (Server Name Indication) disabled.

Solution

Make sure SNI (Server Name Indication) is enabled in the server. If the server is on Java 7 or higher, SNI should be enabled by default. Review if property jsse.enableSNIExtension is set to true on the Startup Parameters as per Setting Properties and Options on Startup or it is removed. For example:

JVM_SUPPORT_RECOMMENDED_ARGS="-Djsse.enableSNIExtension=true"