Manage apps page throws Marketplace server not reachable error in Jira


アトラシアン コミュニティをご利用ください。



When going to manage/add new add-ons page, this error is displayed:

The Atlassian Marketplace server is not reachable. To avoid problems when loading this page, you can disable the connection to the Marketplace server

The atlassian-jira.log contain the following errors:

2013-10-29 14:30:17,194 WARN  [http-bio-7990-exec-5] user 870x497x1 1lzkc13 XXX.XXX.XXX.XXX, "GET /plugins/servlet/upm/marketplace HTTP/1.0" com.atlassian.upm.pac.PacClientImpl Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: peer not authenticated


When Java establishes an outbound connection, it needs to establish trust when it reads the server certificate of the Marketplace. In order to do this, it checks the Java trust store for a certificate chain that indicates the certificate served by the Atlassian Marketplace can be trusted. This trust store is located at JAVA_HOME/jre/lib/security/cacerts by default, but a customized location can be defined by the startup parameter

If Jira is unable to establish trust when accessing the marketplace, the connection will be refused and your admins will not be able to use the Marketplace within JIRA.

This occurs because the default Java trust store has been modified, and therefore is missing a valid trust chain, or, the certificate presented by Marketplace has been tampered with by a local proxy, and therefore is not trusted.


If using Windows we recommend using the tool specified in Connecting to SSL services to do this as it is easier.

  1. Download the Atlassian Marketplace certificates with the commands below:

    openssl s_client -connect < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >
    openssl s_client -connect < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >
    openssl s_client -connect -servername < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >


    openssl s_client -connect < NUL >
    openssl s_client -connect < NUL >
    openssl s_client -connect -servername < NUL >

    After saving the certificates in Windows, edit them and delete everything before the "BEGIN CERTIFICATE" line and everything after the "END CERTIFICATE" line. This step is not required for Linux.

  2. Import the certificates into the Java trust store:

    keytool -import -alias -keystore /path/to/keystore -file /path/to/
    keytool -import -alias -keystore /path/to/keystore -file /path/to/
    keytool -import -alias -keystore /path/to/keystore -file /path/to/

    The trust store is located in the following directories:

    • Windows/Linux: $JAVA_HOME/jre/lib/security/cacerts
    • Mac OS (not supported): $JAVA_HOME/lib/security/cacerts
    • If customised: Check the value of the startup parameter

    If keytool prompts for a password, the default is changeit.

  3. Restart the Jira application. Certificates are loaded into the JVM on startup and such changes need a restart to take effect.

Please see the following question on Atlassian Answers and Problems Connecting to the Atlassian Marketplace for further information.

最終更新日 2020 年 7 月 26 日


Powered by Confluence and Scroll Viewport.