'Can't get a secure connection' error on Jira Data Center and Server mobile app

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

The Jira Data Center and Server mobile app throws the following error when a user tries to connect it to an existing Jira server site:

Can't get a secure connection

Either there's a problem with your site's certificate, or you need to install the certificate on your device. 


Cause

The errors above appear when you've entered a HTTPS address, but the app can't get a HTTPS connection to your site. 

This may be because:

  • your certificate is self signed.
  • the Certificate Authority (CA) is unknown, or is not one that Android / iOS trusts by default  (for example it might be a new CA that is not yet trusted, or a private CA).
  • your certificate is missing an intermediate CA, affecting the certificate chain.
  • your site has HTTPS enabled, but your proxy is not configured to allow TLS 1.2 traffic
  • you're accessing the app on an iOS device and your certificate does not meet Apple's certificate requirements.

Resolution

tip/resting Created with Sketch.

Not an admin? Send this page to your Jira administrator and ask them to look into the problem for you.

The resolution will depend on the cause of your problem. 

HTTPS

Although you can log in with HTTP, in most circumstances we would recommend enabling HTTPS on your Jira site. 

Tell me how to do this...

There are two main ways you can do this:

To prevent disruptions to your site, we recommend testing these changes in a staging environment first. 

Certificate issues

If your site uses a self-signed certificate, rather than one from a recognised Certificate Authority, you'll need to install the certificate on your device, in order to log in.  Be careful, and always check with your administrator or IT team to make sure you're obtaining the certificate from the right place.

Some browsers will warn you that a site's certificate is self-signed, or from an unknown Certificate Authority, but still allow you to view the site. Even if you've done this, and are able to view the site on your browser, you'll still need to install the certificate in order to log into your site using the app.

Manually install your certificate on an iOS device

To install a certificate on your iPhone, iPad or other iOS device:

  1. Access the certificate on your device (for example, download it from a location provided by your admin, or open it from an email). 
  2. The Install Profile screen will appear. Check the certificate details are correct (1) then tap Install (2). 



  3. A warning will appear. Tap Install again.
  4. The certificate will be shown as Verified on the Profiles and Device Management screen. 
  5. On your device go to Settings > General > About > Certificate Trust Settings
  6. Your new certificate will be listed. Tap to enable it (1). 
     

     
  7. You should now be able to log in to your Jira site using the Jira Data Center and Server app. 

These instructions are for iOS 11. Your version may differ. See https://support.apple.com/en-au/HT204477 for more information. 

Manually install your certificate on an Android device

To install a certificate on your Android phone or tablet:

  1. Access the certificate on your device (for example, download it from a location provided by your admin, or open it from an email).
  2. When prompted, name the certificate (1). This example is for Confluence, but the steps are the same.  



  3. Follow the prompts to install the certificate (2). 
  4. You can verify that the certificate has been installed at Settings > Security > Trusted Credentials > User (1).

These instructions are for Android 7.0.  Your version, or device's implementation, might differ. See https://support.google.com/nexus/answer/2844832?hl=en for more information. 

If you're still unable to connect after installing the certificate on your device, ask your admin to check that the following extension is declared in the certificate file:

X509v3 extensions:
  X509v3 Basic Constraints:
    CA:TRUE

Other certificate problems

If you are using a certificate from a Trusted Authority, you'll need to investigate why your certificate is not trusted by the device, as there may be an issue in the certificate chain. One example of this is serving an incomplete certificate chain.

The Security and SSL page in the Android developer documentation provides a more detailed explanation of the common problems encountered when verifying certificates.  You can also check the Lists of available trusted root certificates in iOS, for the list of trusted root certificates preinstalled with iOS.  

Apple also introduced additional security requirements in iOS 13. If people in your team will be using the app on an iOS device, your certificate will need to meet these requirements.  See Requirements for trusted certificates in iOS 13


TLS protocol

If you're using HTTPS, your proxy must allow TLS 1.2 traffic. This is an iOS requirement that we've chosen to implement for both the iOS and Android apps to prevent confusion (for example where one device can log in, and another cannot).

Many proxies allow TLS 1.2 by default, but some may require you to explicitly specify it in your proxy configuration.  Alternatively, if your current configuration is from a few years ago, it may not have been updated to specify TLS 1.2. 


Last modified on May 18, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.