SSL certificate errors on OS X 10.11.x when using internally signed CA certs
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
When using an internally signed SSL certificate in Hipchat Server, the Hipchat OS X desktop app complains of a certificate error. This is an issue specific to OS X 10.11.x
診断
環境
- Hipchat Server 2.1.3 +
- Hipchat OS X desktop client 4.29.x (running OS X 10.11.x - El Capitan)
Diagnostic Steps
- Verify that the root certificate for the internally signed cert is installed in 'login' section of keychain access on the local machine.
- On login, verify that the Hipchat OS X desktop client is throwing a certificate error.
原因
While the exact root cause is unclear, the Hipchat OS X desktop app seems to ignore that the internally signed CA root is trusted in OS X 10.11 (El Capitan) machines. This is especially prevalent after the SSL certificate chain has been changed in the Hipchat Server recently.
ソリューション
There are two possible workarounds:
- Move the internally signed CA root certificate to the 'System Roots' keychain under keychain access in system preferences on the local machine.
- Update your machine to the latest OS X version
データベースの変更を行う場合は必ず事前にバックアップを取得してください。可能な場合は、まずステージング サーバーで SQL コマンドの変更、挿入、更新、または削除を行うようにします。