Edit Attachment feature does not work when using self-signed certificate
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
This documentation only applies to Confluence version 6.11 onward, which comes with the Confluence Companion App to edit all types of attachments.
問題
Editing an attached file in a Confluence page (via Atlassian Companion App ) resulting in the Companion App to be unresponsive, as shown in the attached screenshot below:
診断
環境
You're using Confluence version 6.11 and above.
Confluence is running over SSL/HTTPS using a self-signed certificate.
Diagnostic Steps
Please try to edit an attached file in a Confluence page while generating a HAR file from your browser.
Once you've done that, please open the generated HAR file and try to look for similar request URL as follows:
<ConfluenceBaseURL>/rest/previews/templinksresource/attachmenturl?attachmentId=<attachmentID>&pageId=<pageID>
Next, please try to locate the signedDownloadPath entry of this request URL's response content.
Sample response content for the above request URL:{ "text": "{\"attachmentId\":46367300,\"downloadPath\":\"/download/attachments/46367304/Meeting_Notes_v1.2_20190108.xlsx?version=1&modificationDate=1546944188880&api=v2&download=true\",\"uploadPath\":\"/rest/api/content/46367304/child/attachment/46367300/data\",\"signedDownloadPath\":\"/download/attachments/46367304/Meeting_Notes_v1.2_20190108.xlsx?version=1&modificationDate=1546944188880&api=v2&download=true&jwt=eyJzdWIiOiJqd3Quc3ViamVjdC5jb25mbHVlbmNlLXByZXZpZXdzLnRlbXBsaW5rc3Jlc291cmNlIiwicXNoIjoiMjRhYmZlOGE2MmNiZTM2ZjdiY2YxNmY3NTc5OGI4NDExOTg5NzJlYmMxNDhkMTdhMzBjODdiNDQ4YTAxOThjOCIsImlzcyI6ImNvbS5hdGxhc3NpYW4uY29uZmx1ZW5jZS5wbHVnaW5zLnByZXZpZXdzIiwiZXhwIjoxNTQ3MDExMTQ5LCJpYXQiOjE1NDcwMTEwODksInVzZXJLZXkiOiIyYzlkNjNlMzYzMjRlNjUyMDE2MzhmZGVmMzU3MDAxMyJ9.P7Vs5E6lPg5gmbbQzhNlrYYPWL2HG4J86xv52jV-VQg\",\"signedUploadPath\":\"/rest/api/content/46367304/child/attachment/46367300/data?jwt=eyJzdWIiOiJqd3Quc3ViamVjdC5jb25mbHVlbmNlLXByZXZpZXdzLnRlbXBsaW5rc3Jlc291cmNlIiwicXNoIjoiZmU5NDQ2NmViNDk2Y2M2MmMxMGU3YTM5OGM2YjQyMzdkMDVjMjBmMjVmNDA5ZjJkMjAyZmI3ZGY2NjMzOTg5YiIsImlzcyI6ImNvbS5hdGxhc3NpYW4uY29uZmx1ZW5jZS5wbHVnaW5zLnByZXZpZXdzIiwiZXhwIjoxNTQ3MDExMTQ5LCJpYXQiOjE1NDcwMTEwODksInVzZXJLZXkiOiIyYzlkNjNlMzYzMjRlNjUyMDE2MzhmZGVmMzU3MDAxMyJ9.gAYZ3hxzae85RX_Mv9d6osw2dV-BCHEmAb9zNladWaQ\"}" }
- If we're able to find the signedDownloadPath entry in the response, we could then confirm that Confluence was able to generate the correct information to be sent over to the Companion App , when the Edit with <ApplicationName> button is clicked.
Another thing that we also need to take note of here is that the Companion App will be using the signedDownloadPath (it includes the jwt token which will only be valid for 30 seconds) in the details above to download the attachment to the designated folders below:
WindowsC:\Users\username\.atlassian-companion\<hash>\<fileName>
The user may need to "Show hidden files and folders" to view this folder
Mac~/.atlassian-companion/<hash>/<fileName>
- Should Companion App able to download the files successfully, it will then open it with the application that is determined earlier. Otherwise, the files downloaded to the path above would be of zero bytes.
原因
When Confluence is running over SSL (with self-signed certificate), the Companion App feature will not work out of the box. This is because Atlassian Companion App is built with ElectronJS, which does not trust the self-signed certificate by default. As such, Companion App then won't be able to download the edited file successfully.
回避策
As such to workaround this, we'd then need to manually add the certificate to the local machine's certificate manager tool, so that our self-signed certificate would be trusted.
To do this, we believe you may follow the steps outlined in the following articles:
- Windows
- https://www.thewindowsclub.com/manage-trusted-root-certificates-windows
- https://www.ibm.com/support/knowledgecenter/en/SSYQBZ_9.6.1/com.ibm.rational.dwa.install.doc/topics/t_configureIEforSSL.html