Application link creation failure in Fisheye/Crucible - certificate_unknown
Symptoms
The setup of application link fails between Fisheye/Crucible and JIRA and the following appears in the atlassian-fisheye-YYYY-MM-DD.log:
2013-02-22 09:53:10,631 WARN [btpool0-36 ] org.mortbay.log Slf4jLog-warn - EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1839)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1019)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Diagnosis
- Application link setup using insecure protocol succeeds without issues.
- Certificates for each server have been imported into the opposing applications installed Java keystore
cacerts. - SSLPoke (see PKIX Path Building Failed - Cannot Set Up Trusted Applications To SSL Services) identifies successful connection:
[bill@jira ~]$ java SSLPoke fisheye.atlas.com 8843
Successfully connected
[bill@fisheye]# java SSLPoke jira.atlas.com 443
Successfully connectedCause
JIRA is bundled with its own JVM which references its own cacerts keystore.
Resolution
Determine which instance of Java is running JIRA and import the server certificates into the correct keystore:
- JIRA
Administration > System Information - Search the page for "java.home" to determine the location of Java.
Last modified on Oct 10, 2022
Powered by Confluence and Scroll Viewport.