CertificateTooOldException: Certificate too old

Still need help?

The Atlassian Community is here for you.

Ask the community

Problem

When creating an application link, or using functionality that uses an application link, the applications aren't able to authenticate to each other.

The following appears in the application log:

com.atlassian.security.auth.trustedapps.CertificateTooOldException: Certificate too old. Application: XXXX:#### Certificate Created: TIMESTAMP Timeout: 10000

Diagnosis

Environment

  • Two applications are connected together using Application Links
  • The authentication method used is Trusted Applications

Cause

When a Trusted Applications request is sent, it includes a certificate with a timestamp attached to it. When the request arrives at the destination, the server will check that the current time is not more than the request timestamp, plus the timeout value (by default 10 seconds).

This problem is caused when the current time is later than the request timestamp plus the timeout value.

This can be caused by:

  • An incorrectly set time zone on at least on server
  • An out-of-date time zone definition, causing a server to think it has a different UTC offset to what it should be
  • Enough difference in the time between the two servers that the timeout is reached
  • Network latency can contribute to the cause of this problem; although it's rare that it's the complete cause

Resolution

  • Ensure both servers have synchronised their time with a Network Time Server
  • Ensure time zone definitions provided by the operating system are up-to-date. For Linux it's usually the "tzdata" package. For Windows it should be kept up-to-date by Windows Update.
  • In cases where latency is a factor, the cause of the latency should be isolated and corrected. Alternatively the timeout can be increased to a higher value in the incoming authentication of the Trustued Applications authentication.

Atlassian recommends OAuth

All new Application Links are created using OAuth. It provides all of the functionality of Trusted Applications and Basic Authentication. OAuth allows applications to authenticate and authorise users without accessing their credentials.

Further Reading

Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.