Error handling trusted applications authentication attempt - OLD_CERT, Certificate too old
Symptoms
When linking Fisheye/Crucible with JIRA the following error can be seen in fisheye-debug-<DATE>.log
:
2012-10-12 15:26:04,206 WARN [btpool0-53 ] com.atlassian.security.auth.trustedapps.filter.TrustedApplicationFilterAuthenticator com.atlassian.security.auth.trustedapps.filter.TrustedApplicationFilterAuthenticator-authenticate - Failed to login trusted application: jira:7571355 due to: com.atlassian.security.auth.trustedapps.CertificateTooOldException: Certificate too old. Application: jira:7571355 Certificate Created: Fri Oct 12 15:25:47 MSK 2012 Timeout: 10000
2012-10-12 15:26:04,206 WARN [btpool0-48 ] com.atlassian.security.auth.trustedapps.filter.TrustedApplicationFilterAuthenticator com.atlassian.security.auth.trustedapps.filter.TrustedApplicationFilterAuthenticator-authenticate - Failed to login trusted application: jira:7571355 due to: com.atlassian.security.auth.trustedapps.CertificateTooOldException: Certificate too old. Application: jira:7571355 Certificate Created: Fri Oct 12 15:25:47 MSK 2012 Timeout: 10000
2012-10-12 15:26:04,206 ERROR [btpool0-53 ] com.atlassian.fisheye.trustedapplications.FisheyeAuthenticationListener com.atlassian.fisheye.trustedapplications.FisheyeAuthenticationListener-authenticationError - Error handling trusted applications authentication attempt:OLD_CERT; Certificate too old. Application: {0} Certificate Created: {1} Timeout: {2}; ["jira:7571355","Fri Oct 12 15:25:47 MSK 2012","10000"]
2012-10-12 15:26:04,206 ERROR [btpool0-48 ] com.atlassian.fisheye.trustedapplications.FisheyeAuthenticationListener com.atlassian.fisheye.trustedapplications.FisheyeAuthenticationListener-authenticationError - Error handling trusted applications authentication attempt:OLD_CERT; Certificate too old. Application: {0} Certificate Created: {1} Timeout: {2}; ["jira:7571355","Fri Oct 12 15:25:47 MSK 2012","10000"]
Cause
There are three possible causes for this behavior:
- The system clocks on the servers are not set to the same time.
- Network latency between the server running Fisheye/Crucible and the server running JIRA.
- The certificates have expired.
Resolution
According to the causes above there are three resolutions:
- Synchronize both servers so that they have the same time. If the servers are in different timezones, ensure that their OS timezones are set correctly. Use a NTP time server if the clocks are going out of sync very often.
- Check the network latency. If network latency cannot be be addressed, increase the certificate timeout value in the application link (e.g. from 10000 to 60000).
- Create or obtain another certificate and configure it in JIRA. This new certificate must be imported into the Fisheye/Crucible keystore (e.g.
/lib/security/cacerts
file).
Last modified on Nov 2, 2018
Powered by Confluence and Scroll Viewport.