Unable to connect to database with SSL enabled during Jira setup

Related content

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

In Jira, when testing the database connection to PostgreSQL with SSL enabled, you may receive an error message:


The following appears in the catalina.log:

2018-05-27 15:25:48,747 http-nio-8080-exec-1 ERROR anonymous 925x38x1 92lmp6 10.53.222.101 /secure/SetupDatabase!connectionCheck.jspa [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your database: 
org.postgresql.util.PSQLException: Something unusual has occurred to cause the driver to fail. Please report this exception.
	at org.postgresql.Driver.connect(Driver.java:275)
	at java.sql.DriverManager.getConnection(DriverManager.java:664)
	at java.sql.DriverManager.getConnection(DriverManager.java:247)
	at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.getTestDatabaseConnection(DefaultAtlassianBootstrapManager.java:347)
	at com.atlassian.jira.config.database.JdbcDatasource.getConnection(JdbcDatasource.java:211)
	at com.atlassian.jira.config.database.DatabaseConfig.testConnection(DatabaseConfig.java:87)
	at com.atlassian.jira.web.action.setup.SetupDatabase.testConnection(SetupDatabase.java:225)
	at com.atlassian.jira.web.action.setup.SetupDatabase.doValidation(SetupDatabase.java:189)
	at com.atlassian.jira.web.action.setup.SetupDatabase.doConnectionCheck(SetupDatabase.java:121)
	... 3 filtered
	at java.lang.reflect.Method.invoke(Method.java:498)
	at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:70)
	at webwork.util.InjectionUtils.invoke(InjectionUtils.java:56)
	... 2 filtered
	at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:63)
	... 7 filtered
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	... 49 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$2(JiraSecurityFilter.java:78)
	... 1 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:76)
	... 28 filtered
	at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
	... 27 filtered
	at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
	... 26 filtered
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
	at org.apache.log4j.CategoryKey.<init>(CategoryKey.java:32)
	at org.apache.log4j.Hierarchy.getLogger(Hierarchy.java:266)
	at org.apache.log4j.Hierarchy.getLogger(Hierarchy.java:247)
	at org.apache.log4j.LogManager.getLogger(LogManager.java:228)
	at org.apache.log4j.Logger.getLogger(Logger.java:104)
	at java.util.logging.Logger.log(Logger.java:738)
	at org.postgresql.core.v3.ConnectionFactoryImpl.log(ConnectionFactoryImpl.java:317)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:261)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
	at org.postgresql.Driver.makeConnection(Driver.java:452)
	at org.postgresql.Driver.connect(Driver.java:254)
	... 164 more

Cause

It is currently not possible to force the SSL connection to the database from the Jira Web UI. This is being tracked in the following feature request: JRASERVER-67403 - Add option to create an ssl connection to db during setup.

Resolution

You will need to manually edit the dbconfig.xml to force the SSL connection.

  • Stop Jira
  • Edit the dbconfig.xml (located at the jira-home directory) as follows:
    For JIRA 7.13 / postgreSQL driver below version 42.2.5: Add the following parameter to the JDBC URL parameter: ssl=true
    For JIRA 8.5 / postgreSQL driver above version 42.2.5: Add the following parameter to the JDBC URL parameter: sslmode=require
  • Start Jira

Sample of JDBC URL

JIRA 7.13 / postgreSQL driver below version 42.2.5:

<url>jdbc:postgresql://DB-Server:5432/jiradb?ssl=true</url>


For JIRA 8.5 / postgreSQL driver above version 42.2.5:

<url>jdbc:postgresql://DB-Server:5432/jiradb?sslmode=require</url>

depending on the setup the following URLs may need to be used:

<url>jdbc:postgresql://DB-Server:5432/jiradb?sslmode=prefer</url>
<url>jdbc:postgresql://DB-Server:5432/jiradb?sslmode=allow</url>



*Note that the "?" demarcates the end of the database name and the beginning of the database connection parameters. If you already have connection parameters, you will add a ";ssl=true" instead of "?ssl=true".

*Note for a full explanation of the sslmode and the different options for it, see Postgres SQL Documentation Configuring the Client

In case the dbconfig.xml file is not yet present, you can create this file via Startup check: Creating and editing the dbconfig.xml file


dbconfig.xml

Sample of the dbconfig.xml for PostgreSQL database:

<jira-database-config>
  <name>defaultDS</name>
  <delegator-name>default</delegator-name>
  <database-type>postgres72</database-type>
  <schema-name>public</schema-name>
  <jdbc-datasource>
    <url>jdbc:postgresql://DB-Server:5432/jiradb?ssl=true</url>
    <driver-class>org.postgresql.Driver</driver-class>
    <username>dbuser</username>
    <password>password</password>
    <pool-min-size>20</pool-min-size>
    <pool-max-size>20</pool-max-size>
    <pool-max-wait>30000</pool-max-wait>
    <pool-max-idle>20</pool-max-idle>
    <pool-remove-abandoned>true</pool-remove-abandoned>
    <pool-remove-abandoned-timeout>300</pool-remove-abandoned-timeout>

    <validation-query>select version();</validation-query>
    <min-evictable-idle-time-millis>60000</min-evictable-idle-time-millis>
    <time-between-eviction-runs-millis>300000</time-between-eviction-runs-millis>

    <pool-test-on-borrow>false</pool-test-on-borrow>
    <pool-test-while-idle>true</pool-test-while-idle>

  </jdbc-datasource>
</jira-database-config>


(info) In some cases, force the SSL connection to the database could lead to Collation not being detected. This is being tracked in this bug report: JRASERVER-46026 - JIRA is unable to check collation on certain JDBC URLs.


Last modified on Jan 31, 2025

Was this helpful?

Yes
No
Provide feedback about this article

Related content

Powered by Confluence and Scroll Viewport.