Application link creation failure in Fisheye/Crucible - certificate_unknown
症状
The setup of application link fails between Fisheye/Crucible and JIRA and the following appears in the atlassian-fisheye-YYYY-MM-DD.log
:
2013-02-22 09:53:10,631 WARN [btpool0-36 ] org.mortbay.log Slf4jLog-warn - EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1839)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1019)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
診断
- Application link setup using insecure protocol succeeds without issues.
- Certificates for each server have been imported into the opposing applications installed Java keystore
cacerts.
- SSLPoke (see PKIX Path Building Failed - Cannot Set Up Trusted Applications To SSL Services) identifies successful connection:
[bill@jira ~]$ java SSLPoke fisheye.atlas.com 8843
Successfully connected
[bill@fisheye]# java SSLPoke jira.atlas.com 443
Successfully connected
原因
JIRA is bundled with its own JVM which references its own cacerts
keystore.
ソリューション
Determine which instance of Java is running JIRA and import the server certificates into the correct keystore:
- JIRA
Administration > System Information
- Search the page for "java.home" to determine the location of Java.
最終更新日: 2022 年 10 月 10 日
Powered by Confluence and Scroll Viewport.