javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Please note that Atlassian Support does not provide troubleshooting for SSL certificates as describe by our support offering here:

Atlassian products interface with a variety of technologies. Front-end solutions like Web Servers (eg Apache HTTP Server), load balancers, single sign-on solutions (SSO), SSL certificates and LDAP repositories add functionality that is often critical to functioning of our products.

Atlassian will endeavour to provide documentation for integration with these 3rd party applications but does not provide support for 3rd party applications. We are unable to provide support when a failure in a 3rd party application occurs.

Problem

You have already imported the target server's certificate into Confluence's keystore, as described in Connecting to LDAP or Jira applications or Other Services via SSL.

The following appears in the atlassian-confluence.log:

org.springframework.ldap.CommunicationException: server:636; nested 
exception is javax.naming.CommunicationException: server:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]

Cause

The CA's intermediate certificates are not imported into Confluence's keystore. For example: https://support.globalsign.com/customer/portal/articles/1211591-trusted-root-intermediate-certificates (GlobalSign), or this: https://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4-x5-x6-x7-x (for GoDaddy, refer to the section under "Installing Your SSL in Tomcat").

Resolution

  • Follow your CA's instructions to import the intermediate certs into Confluence's keystore. You may need to contact your CA's support for further assistance, as this is beyond the scope of Atlassian Support

Description

This page covers how to resolve SSL handshake issues caused because the intermediate keystores have not been installed into Confluence's keystore.

ProductConfluence
Last modified on Oct 16, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.