Error message: peer not authenticated when creating Application Link to Cloud
Problem
When create a new application link using HTTPS protocol to Cloud instances, it shows that server not reachable
And throw the below errors in the log (Cloud logs or the application log where you are connecting):
2015-08-05 10:39:51.332747500 2015-08-05 10:39:51,324 ajp-nio-127.0.0.104-8009-exec-53 ERROR sysadmin 639x23143x1 qfhlbe 202.68.74.170,165.254.226.129 /rest/applinks/2.0/applicationlinkForm/manifest.json [core.rest.ui.CreateApplicationLinkUIResource] ManifestNotFoundException thrown while retrieving manifest
2015-08-05 10:39:51.332749500 com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2015-08-05 10:39:51.332750500 at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.download1(AppLinksManifestDownloader.java:201)
2015-08-05 10:39:51.332763500 at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.access$000(AppLinksManifestDownloader.java:44)
2015-08-05 10:39:51.332764500 at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$1$1.<init>(AppLinksManifestDownloader.java:86)
2015-08-05 10:39:51.332764500 at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$1.apply(AppLinksManifestDownloader.java:79)
2015-08-05 10:39:51.332766500 at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$1.apply(AppLinksManifestDownloader.java:76)
2015-08-05 10:39:51.332766500 at com.google.common.collect.ComputingConcurrentHashMap$ComputingValueReference.compute(ComputingConcurrentHashMap.java:355)
2015-08-05 10:39:51.332769500 at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.compute(ComputingConcurrentHashMap.java:184)
2015-08-05 10:39:51.332770500 at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.getOrCompute(ComputingConcurrentHashMap.java:153)
2015-08-05 10:39:51.332771500 at com.google.common.collect.ComputingConcurrentHashMap.getOrCompute(ComputingConcurrentHashMap.java:69)
...
...
2015-08-05 10:39:51.356043500 Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2015-08-05 10:39:51.356044500 at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
2015-08-05 10:39:51.356049500 at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:266)
2015-08-05 10:39:51.356050500 at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:213)
2015-08-05 10:39:51.356050500 at com.atlassian.sal.core.net.CustomSSLProtocolSocketFactory.createSocket(CustomSSLProtocolSocketFactory.java:118)
2015-08-05 10:39:51.356052500 at org.apache.commons.httpclient.HttpConnection.tunnelCreated(HttpConnection.java:786)
Diagnosis
Diagnostic Steps
- Check your application's SSL certificate for any issue on the following page
Specifically take note of the result under Handshake Simulation on the items below:
Java 6u45 No SNI 2 TLS 1.0 TLS_RSA_WITH_RC4_128_MD5 (0x4) No FS RC4 128 Java 7u25 Client aborts on SNI unrecognized_name warning Fail3 Java 8u31 Client aborts on SNI unrecognized_name warning Fail3
Sample of failed handshake that caused the error
- A good configuration should have the below result shown when testing:
Cause
Starting from JAVA 7, JAVA has introduced SNI support which is enabled by default. If the configuration of the server name or server alias is set wrongly of not set. It will fail the handshake between JAVA and the application.
More on SNI.
Resolution
Apache related configuration is not supported at support.atlassian.com as outlined in our Atlassian Support Offerings. If you have issue configuring/editing the configuration file, please head towards Answers where our community resides, they might be able to point you towards resolution to your issue.
Check the Apache config file and add the ServerName or ServerAlias as per the code block below:
<VirtualHost mydomain.com:443>
ServerName mydomain.com
ServerAlias www.mydomain.com
Replace the rightful domain name for your application