Certificate for api-private.atlassian.com doesn't match any of the subject alternative names

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When trying to run the Jira Cloud Migration Assistant (JCMA) or Confluence Cloud Migration Assistant (CCMA) to migrate from Server to Cloud, sometimes it fails with a HTTP 500 and the following message appears stating there are possible issues with the certificate:

1 2021-10-14 14:53:57,645-0400 http-nio-8080-exec-19 ERROR [c.a.j.web.servlet.InternalServerErrorServlet] {errorId=341133fb-ffa0-4326-825b-43d2928a09e5, interpretedMsg=, cause=com.atlassian.jira.migration.httpclient.exceptions.HttpCommunicationException: An error occurred when requesting against resource https://api-private.atlassian.com/migration/jira/sitedetails: Certificate for <api-private.atlassian.com> doesn't match any of the subject alternative names: [*.atlassian.net, atlassian.net]

Environment

This message applies to Jira Cloud Migration Assistant (JCMA) and Confluence Cloud Migration Assistant (CCMA).

  • From Server to Cloud

Diagnosis

Other than allow-listing the IPs and domains mentioned in the document Pre-Checks - Update your Firewall Allowance Rules, below domains used by JCMA/CCMA require clients to use SNI (Server Name Indication) for proper SSL/TLS communication:

Cause

Java 7 introduced support for SNI (Server Name Indication) and it comes enabled by default. For several reasons, some servers might have SNI (Server Name Indication) disabled.

Solution

Make sure SNI (Server Name Indication) is enabled in the server. If the server is on Java 7 or higher, SNI should be enabled by default. Review if property jsse.enableSNIExtension is set to true on the Startup Parameters as per Setting Properties and Options on Startup or it is removed. For example:

1 JVM_SUPPORT_RECOMMENDED_ARGS="-Djsse.enableSNIExtension=true"

Updated on March 24, 2025
Platform
Data Center only
Products
Jira Software Data Center
Confluence Data Center
Apps
Jira Cloud Migration Assistant
Confluence Cloud Migration Assistant
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community