Plugin updates via UPM fail in Jira server

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Problem

The following appears in the atlassian-jira.log

2017-10-17 15:32:19,181 UpmAsynchronousTaskManager:thread-3 ERROR admin 932x75x3 1b3k4i7 <IPaddress> /rest/plugins/1.0/ [c.a.u.c.r.resources.install.InstallFromUriTask] 
Error downloading plugin from https://marketplace.atlassian.com/download/plugins/com.atlassian.support.stp/version/3010042
2017-10-17 15:32:19,201 UpmAsynchronousTaskManager:thread-4 ERROR admin 932x79x2 1b3k4i7 <IPaddress> /rest/plugins/1.0/ [c.a.u.c.r.resources.install.InstallFromUriTask] 
Error downloading plugin from https://marketplace.atlassian.com/download/plugins/com.atlassian.support.stp/version/3010042

or 

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

or 

2020-04-03 15:05:29,632-0700 http-nio-8080-exec-30 WARN admin 905x5842x1 1b3k4i7 <IPaddress>,<IPaddress>,<IPaddress> /plugins/servlet/upm
 [c.a.upm.pac.PacClientImpl] Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException:
 javax.net.ssl.SSLPeerUnverifiedException: Certificate for <marketplace.atlassian.com> doesn't match any of the subject alternative names:
 [*.services.atlassian.com, services.atlassian.com]

or

Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLException: hostname in certificate didn't match: <marketplace.atlassian.com> != <*.services.atlassian.com> OR <*.services.atlassian.com> OR <services.atlassian.com>


Diagnosis

Environment

  • JIRA 6.x and 7.x

Diagnostic Steps

  • Check if you have added the -Djsse.enableSNIExtension=false parameter in setenv file (via $JIRA-INSTALL/bin)
  • Check if you have added a version of TLS protocol lower than TLSv1.2 which is the default for JDK8

Cause

The following JVM arguments is being applied to the JIRA instance

  • -Djsse.enableSNIExtension=false
  • -Djdk.tls.client.protocols=TLSv1
  • -Djdk.tls.client.protocols=TLSv1.1

Resolution

Remove -Djsse.enableSNIExtension=false and TLS protocol parameters lower than v1.2 via JIRA startup options, and restart the application.


Last modified on Jul 6, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.