Problem communicating with Crowd due to CertificateExpiredException

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Problem

Fisheye/Crucible fails to connect to the external directory for user authentication, and the following appears in the atlassian-fisheye-<date>.log

2015-12-21 11:00:00,000 ERROR - Could not retrieve the authentication token
com.cenqua.fisheye.user.AuthenticationException: Problem communicating with Crowd
(...)
Caused by: com.atlassian.crowd.exception.OperationFailedException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Dec 21 09:00:00 EST 2015

Cause

The certificate used by the external user directory is expired.

Resolution

  1. Generate a new certificate for your external directory and configure it accordingly. You may use the following documents as a reference for the SSL configuration in Crowd and JIRA, respectively:
    1. Configuring Crowd to Work with SSL
    2. Running JIRA over SSL or HTTPS
  2. Import the new certificate into Fisheye/Crucible truststore, so it will trust the new cert and will be able to connect to the external user directory.
  3. Restart Fisheye/Crucible, then try connecting to the external user directory.
Last modified on Jul 31, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.