SSL certificate errors on OS X 10.11.x when using internally signed CA certs
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When using an internally signed SSL certificate in Hipchat Server, the Hipchat OS X desktop app complains of a certificate error. This is an issue specific to OS X 10.11.x
Diagnosis
Environment
- Hipchat Server 2.1.3 +
- Hipchat OS X desktop client 4.29.x (running OS X 10.11.x - El Capitan)
Diagnostic Steps
- Verify that the root certificate for the internally signed cert is installed in 'login' section of keychain access on the local machine.
- On login, verify that the Hipchat OS X desktop client is throwing a certificate error.
Cause
While the exact root cause is unclear, the Hipchat OS X desktop app seems to ignore that the internally signed CA root is trusted in OS X 10.11 (El Capitan) machines. This is especially prevalent after the SSL certificate chain has been changed in the Hipchat Server recently.
Resolution
There are two possible workarounds:
- Move the internally signed CA root certificate to the 'System Roots' keychain under keychain access in system preferences on the local machine.
- Update your machine to the latest OS X version
Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.