Problem communicating with Crowd due to CertificateExpiredException

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Fisheye/Crucible fails to connect to the external directory for user authentication, and the following error appears in atlassian-fisheye-<date>.log:

2015-12-21 11:00:00,000 ERROR - Could not retrieve the authentication token
com.cenqua.fisheye.user.AuthenticationException: Problem communicating with Crowd
(...)
Caused by: com.atlassian.crowd.exception.OperationFailedException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
(...)
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Dec 21 09:00:00 EST 2015

Cause

The certificate used by the external user directory has expired.
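
To confirm this cause from the log rather than by eye, the added example below (not Atlassian code) walks each entry's "Caused by" chain and reports the root certificate validity failure. It also separates the NotBefore case (CertificateNotYetValidException), which passes through the same PKIX wrapper but is not fixed by renewing the certificate. Assumptions: find_cert_time_failures is a hypothetical helper, the sample log is constructed from the excerpt above, and the time zone abbreviation is ignored when comparing times.

```python
import re
from datetime import datetime

# Constructed sample modelled on the log excerpt above; stack frames omitted.
SAMPLE_LOG = """\
2015-12-21 11:00:00,000 ERROR - Could not retrieve the authentication token
com.cenqua.fisheye.user.AuthenticationException: Problem communicating with Crowd
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Dec 21 09:00:00 EST 2015
"""

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} ")
CAUSE = re.compile(r"^Caused by: ([\w.$]+): (.*)$")
# Message layout is Java's Date.toString(), e.g. "Mon Dec 21 09:00:00 EST 2015".
VALIDITY = re.compile(r"^(NotAfter|NotBefore): \w{3} (\w{3} \d{2} [\d:]{8}) \S+ (\d{4})$")
STATE = {"NotAfter": "expired", "NotBefore": "not yet valid"}


def find_cert_time_failures(log_text):
    """Return one finding per log entry whose root cause is a certificate
    validity-period failure (hypothetical helper, not an Atlassian API)."""
    findings = []
    logged_at, root = None, None

    def flush():
        # Evaluate the entry just finished: only its last "Caused by" counts.
        m = VALIDITY.match(root[1]) if logged_at and root else None
        if m:
            # Assumption: the zone abbreviation is ignored, so the certificate
            # bound and the log timestamp are compared as the same local zone.
            bound = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%b %d %H:%M:%S %Y")
            findings.append({"logged_at": logged_at, "exception": root[0],
                             "state": STATE[m.group(1)], "bound": bound,
                             "delta": logged_at - bound})

    for line in log_text.splitlines():
        entry, cause = ENTRY.match(line), CAUSE.match(line.strip())
        if entry:
            flush()
            logged_at = datetime.strptime(entry.group(1), "%Y-%m-%d %H:%M:%S")
            root = None
        elif cause:
            root = (cause.group(1), cause.group(2))  # deepest cause seen so far
    flush()
    return findings


if __name__ == "__main__":
    for f in find_cert_time_failures(SAMPLE_LOG):
        print(f"{f['logged_at']}: certificate {f['state']} ({f['bound']}), delta {f['delta']}")
```

A "not yet valid" finding, or an "expired" finding with a very small delta, is a reason to check the clock on the Fisheye/Crucible host before replacing the certificate.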

Resolution

  1. Generate a new certificate for your external directory and configure it accordingly. You may use the following documents as a reference for the SSL configuration in Crowd and JIRA, respectively:
    1. Configuring Crowd to Work with SSL
    2. Running JIRA over SSL or HTTPS
  2. Import the new certificate into the Fisheye/Crucible truststore so that Fisheye/Crucible trusts the new certificate and can connect to the external user directory.
  3. Restart Fisheye/Crucible, then try connecting to the external user directory.
Last modified on Jul 31, 2018
