Synchrony Cluster Cannot be Reached by Confluence due to PKIX Error


Platform notice: Server and Data Center only - This article only applies to Atlassian products on the Server and Data Center platforms.

Problem

When setting up a Synchrony cluster for Confluence Data Center, the Synchrony service cannot be reached when attempting to enable the Collaborative Editing feature.

The following appears in the atlassian-confluence.log:

2017-06-02 12:00:00,000 INFO [AtlassianEvent::CustomizableThreadFactory-1] [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at https://confluence-url/synchrony/jwt-key with exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Diagnosis

Environment

  • The Confluence instance is using a Load Balancer with SSL.
  • The Load Balancer is configured according to our documentation: How to configure Amazon Web Service Elastic Load Balancer with Confluence
  • The -Dsynchrony.service.url property is properly set to use the Load Balancer URL in the Synchrony startup script. Example:

    -Dsynchrony.service.url=https://confluence-url/synchrony
  • The -Dsynchrony.service.url property is properly set to use the Load Balancer URL + /v1 in the setenv configuration file of each node. Example:

    -Dsynchrony.service.url=https://confluence-url/synchrony/v1

Diagnostic Steps

  • Synchrony is set up properly.
  • You can reach the Synchrony JVM by accessing the confluence-url/synchrony/heartbeat URL in the browser (an OK message is returned).
  • Setting the com.atlassian.confluence.plugins.synchrony class to DEBUG level under Confluence Administrator panel > Logging and Profiling shows that Synchrony cannot be reached by Confluence:
2017-05-30 21:01:02,111 DEBUG [http-nio-8090-exec-3] [plugins.synchrony.bootstrap.DefaultSynchronyMonitor] isSynchronyUp Checking Synchrony heartbeat on: https://confluence-url/synchrony/heartbeat
2017-05-30 21:01:02,119 DEBUG [http-nio-8090-exec-3] [plugins.synchrony.bootstrap.DefaultSynchronyMonitor] isSynchronyUp No response from Synchrony.
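
The log signatures above can be checked mechanically. The following Python is an added example, not Atlassian code: it scans atlassian-confluence.log text for the PKIX error and the failed heartbeat check shown in this article and reports which host's certificate the Confluence JVM does not trust. The function names and the result keys are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# First three lines are the log excerpts from this article; the last is constructed.
SAMPLE_LOG = """\
2017-06-02 12:00:00,000 INFO [AtlassianEvent::CustomizableThreadFactory-1] [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at https://confluence-url/synchrony/jwt-key with exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2017-05-30 21:01:02,111 DEBUG [http-nio-8090-exec-3] [plugins.synchrony.bootstrap.DefaultSynchronyMonitor] isSynchronyUp Checking Synchrony heartbeat on: https://confluence-url/synchrony/heartbeat
2017-05-30 21:01:02,119 DEBUG [http-nio-8090-exec-3] [plugins.synchrony.bootstrap.DefaultSynchronyMonitor] isSynchronyUp No response from Synchrony.
2017-05-30 21:02:00,000 INFO [main] [example.Unrelated] some other message
"""

LINE = re.compile(r"^\S+ \S+ (?P<level>[A-Z]+) \[(?P<thread>[^\]]+)\] "
                  r"\[(?P<logger>[^\]]+)\] (?P<msg>.*)$")
URL = re.compile(r"https?://\S+")


def endpoint(url):
    """Reduce a URL to the (host, port) whose TLS certificate the JVM validates."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or 443


def triage(log_text):
    """Split Synchrony failures into certificate-trust failures and other ones."""
    untrusted, failed, pending = set(), set(), {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or "plugins.synchrony" not in m["logger"]:
            continue  # not a Synchrony plugin log line
        msg, url = m["msg"], URL.search(m["msg"])
        if "PKIX path building failed" in msg and url:
            untrusted.add(endpoint(url.group()))
        elif "Checking Synchrony heartbeat on:" in msg and url:
            pending[m["thread"]] = endpoint(url.group())  # result line follows
        elif "No response from Synchrony" in msg and m["thread"] in pending:
            failed.add(pending.pop(m["thread"]))
    return {
        "import_certificate_for": sorted(untrusted),
        "heartbeat_failed_untrusted": sorted(failed & untrusted),
        "heartbeat_failed_other": sorted(failed - untrusted),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A host listed under heartbeat_failed_other failed its heartbeat without a matching PKIX error, so a missing truststore entry is not indicated by the log for that host.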

Cause

The certificate from your Load Balancer is not trusted by the application.

Solution

To resolve this issue, import the Load Balancer's public certificate into Confluence's truststore. Follow the instructions in this article to import the certificate: Unable to Connect to SSL Services due to PKIX Path Building Failed

Last modified on November 8, 2017
