Jira does not start after upgrading from Jira 7.x to 8.x due to a database SSL configuration issue

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Problem

Jira configured to connect the PostgreSQL database over SSL does not start after upgrading to v8.x. The following error is thrown in the application logs:


2019-11-21 14:30:50,228 localhost-startStop-1 INFO      [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/application-data/jira/dbconfig.xml
2019-11-21 14:30:50,270 localhost-startStop-1 INFO      [c.a.j.config.database.DatabaseConfigHandler] Trying to get encrypted password from xml and decrypt it
2019-11-21 14:30:50,271 localhost-startStop-1 INFO      [c.a.j.config.database.DatabaseConfigHandler] Database password decryption not performed.
2019-11-21 14:30:50,886 localhost-startStop-1 ERROR      [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your database: 
org.postgresql.util.PSQLException: Could not open SSL root certificate file /home/jira/.postgresql/root.crt.
        at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:120)
        at org.postgresql.core.SocketFactoryFactory.getSslSocketFactory(SocketFactoryFactory.java:61)
        at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:33)
        at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:441)
        at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
        at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
        at org.postgresql.Driver.makeConnection(Driver.java:458)
        at org.postgresql.Driver.connect(Driver.java:260)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:247)
        at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.getTestDatabaseConnection(DefaultAtlassianBootstrapManager.java:347)
        at com.atlassian.jira.config.database.JdbcDatasource.getConnection(JdbcDatasource.java:219)
        at com.atlassian.jira.config.database.DatabaseConfig.testConnection(DatabaseConfig.java:88)
        at com.atlassian.jira.health.checks.DbConfigurationAndConnectionCheck.doPerform(DbConfigurationAndConnectionCheck.java:60)
        at com.atlassian.jira.health.HealthCheckTemplate.perform(HealthCheckTemplate.java:23)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.runCheck(DefaultHealthCheckExecutor.java:74)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.lambda$applyAndCollectExceptions$1(DefaultHealthCheckExecutor.java:53)
        at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
        at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
        at java.util.Iterator.forEachRemaining(Iterator.java:116)
        at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
        at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
        at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.applyAndCollectExceptions(DefaultHealthCheckExecutor.java:53)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.performHealthChecks(DefaultHealthCheckExecutor.java:42)
        at com.atlassian.jira.health.HealthChecks.executeChecksAndRecordResults(HealthChecks.java:164)
        at com.atlassian.jira.health.HealthChecks.runHealthChecks(HealthChecks.java:154)
        at com.atlassian.jira.health.HealthChecks.runHealthChecks(HealthChecks.java:66)
        at com.atlassian.jira.startup.BootstrapContainerLauncher.start(BootstrapContainerLauncher.java:48)
        at com.atlassian.jira.startup.DefaultJiraLauncher.preDbLaunch(DefaultJiraLauncher.java:117)
        at com.atlassian.jira.startup.DefaultJiraLauncher.lambda$start$0(DefaultJiraLauncher.java:103)
        at com.atlassian.jira.util.devspeed.JiraDevSpeedTimer.run(JiraDevSpeedTimer.java:31)
        at com.atlassian.jira.startup.DefaultJiraLauncher.start(DefaultJiraLauncher.java:102)
        at com.atlassian.jira.startup.LauncherContextListener.initSlowStuff(LauncherContextListener.java:154)
        at com.atlassian.jira.startup.LauncherContextListener.initSlowStuffInBackground(LauncherContextListener.java:139)
        at com.atlassian.jira.startup.LauncherContextListener.contextInitialized(LauncherContextListener.java:101)
        ... 5 filtered
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.FileNotFoundException: /home/jira/.postgresql/root.crt (No such file or directory)
        at java.io.FileInputStream.open0(Native Method)
        at java.io.FileInputStream.open(FileInputStream.java:195)
        at java.io.FileInputStream.<init>(FileInputStream.java:138)
        at java.io.FileInputStream.<init>(FileInputStream.java:93)
        at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:117)

Diagnosis

Environment

  • Jira 8.x with bundled Postgres JDBC driver version 42.2.5 and over.

Diagnostic Steps

  • <Jira_HOME>/dbconfig.xml file has ssl=true parameter in the connection settings:

    <url>jdbc:postgresql://jiradbURL:5432/jiradb?ssl=true</url>

Cause

Change Log for Postgres JDBC v42.2.5 indicates that ssl=true implies sslmode=verify-full which validates that the certificate is correct and verify the host connected to has the same hostname as the certificate. As there is no pre-defined certificate by default, Jira is trying to find ~/.postgresql/root.crt file and fails with the error above.

Resolution

Setting sslmode parameter to require (Atlassian recommended), allow or prefer defaults to a non-validating SSL factory and does not check the validity of the certificate or the hostname whereas verify-full will validate that the certificate is correct and verify the host connected to has the same hostname as the certificate. Please check Connecting to Database for reference.

<url>jdbc:postgresql://jiradbURL:5432/jiradb?sslmode=require</url>
<url>jdbc:postgresql://jiradbURL:5432/jiradb?sslmode=prefer</url>
<url>jdbc:postgresql://jiradbURL:5432/jiradb?sslmode=allow</url>


Unable to connect to the database with SSL enabled during Jira setup


Last modified on Nov 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.