Confluence using PostgreSQL fails to startup with "Server name validation failed: certificate for host" error
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
Confluence may experience issues connecting with the PostgreSQL database if it's not properly configured. In our database setup guide, we don't explicitly mention how to configure the database with a certificate as this is detailed by the certifying authority (CA), however, it impacts the application usability so we are providing steps to resolve this specific error.
The following message is seen when accessing Confluence:
Confluence Server and Data Center
PostgreSQL with SSL
Confluence doesn't start properly and we see an error message in the browser. To investigate the error, we analyze the atlassian-confluence.log file, in this log, we will find database errors related to the issue:
2020-12-14 06:27:35,640 ERROR [Catalina-utility-1] [org.postgresql.ssl.PGjdbcHostnameVerifier] verify Server name validation failed: certificate for host confluence.wiki.com dNSName entries subjectAltName, but none of them match. Assuming server name validation failed 2020-12-14 06:27:36,041 ERROR [Catalina-utility-1] [confluence.impl.health.DefaultHealthCheckRunner] logEvent Database connection failed 2020-12-14 06:27:36,043 ERROR [Catalina-utility-1] [confluence.impl.health.DefaultHealthCheckRunner] logEvent Confluence failed to establish a connection to your database. This could be because: - Your database isn't running - The configuration of your confluence.cfg.xml file is incorrect (user, password, or database URL etc.) - There is a network issue between Confluence and your database (e.g. firewall, database doesn't allow remote access etc.) There are several other solutions you can try, review our documentation and see what works for you.
The error above indicates that the certificate used in PostgreSQL does not include the confluence.wiki.com domain name and due to this, the application won't be able to connect to the database and will fail to startup.
The certificate used in PostgreSQL does not include the confluence.wiki.com domain name.
We recommend working with your certifying authority to generate new certificates that correspond with the domain name of your server presented in the error.
As contacting the CA may take some time and we need to start Confluence right away we can tell Confluence to ignore the server name validation error by following the steps below:
- Stop Confluence if it is running
- Edit <confluence_home>/confluence.cfg.xml file
- Find the line that starts with <property name="hibernate.connection.url">
Append the following to the JDBC connection string:
- Save the resulting file
- Start Confluence
This change to the JDBC connection string tells Confluence to use an SSL factory to create a connection that does not validate the domain name, which would allow us to connect to the database.