Internal gadgets displaying titles as __MSG

Problem

After upgrading Confluence, moving to another server or just updating the JDK/JRE, gadget titles appear as __MSG_gadget.xxxxxx.

The following appears in the atlassian-confluence.log

2017-08-04 10:12:34,771 ERROR [http-nio-443-exec-2] [renderer.internal.http.HttpClientFetcher] fetch Unable to perform a request to: https://localhost:443/rest/gadgets/1.0/g/messagebundle/en_GB/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected
 -- url: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

Diagnosis

Environment

  • SSL is enabled

Cause

The error message is caused by failed SSL connection due to missing certificate in the truststore.

During the upgrade, moving to another server or just updating the JDK/JRE, all SSL certificates will be overwritten if you are using the default cacerts truststore.

Resolution

Extract Confluence's certificate and import into the trust store. Commonly, the trust store is inside of the $JAVA_HOME variable:

  1. Extract the certificate from Confluence:

    openssl s_client -connect <confluence.url-or-confluence.ip>:<secure-port> < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

    (info) Replace the <confluence.url-or-confluence.ip>:<secure-port> for the correct information, like confluence.example.com:443.

  2. Import the certificate into Confluence's cacert:

    $JAVA_HOME/bin/keytool -import -alias cert -keystore $JAVA_HOME/jre/lib/security/cacerts -file public.crt
  3. Restart Confluence
Last modified on Jan 8, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.