Webhook stops sending notification to MS Teams.
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
プラットフォームについて: Data Center のみ - この記事は、Data Center プラットフォームのアトラシアン製品にのみ適用されます。
この KB は Data Center バージョンの製品用に作成されています。Data Center 固有ではない機能の Data Center KB は、製品のサーバー バージョンでも動作する可能性はありますが、テストは行われていません。サーバー*製品のサポートは 2024 年 2 月 15 日に終了しました。サーバー製品を利用している場合は、アトラシアンのサーバー製品のサポート終了のお知らせページにて移行オプションをご確認ください。
*Fisheye および Crucible は除く
要約
Users are not receiving notification in MSTeams and SSL communication with *.office.com for the WebHook fails.
環境
- Jira Service Manager any version
- Jira Software any version
診断
- One of the following entries are logged in the application logs (atlassian-jira.log)
2022-06-28 14:49:32,403+0300 I/O dispatcher 2 DEBUG anonymous [o.a.h.conn.ssl.DefaultHostnameVerifier] Certificate for <XXXX.YYYYY.office.com> doesn't match any of the subject alternative names: [*.internal.outlook.com, *.outlook.com, outlook.com, office365.com, *.office365.com, *.outlook.office365.com, *.office.com, outlook.office.com, substrate.office.com, attachment.outlook.live.net, attachment.outlook.office.net, attachment.outlook.officeppe.net, attachments.office.net, *.clo.footprintdns.com, *.nrb.footprintdns.com, ccs.login.microsoftonline.com, ccs-sdf.login.microsoftonline.com, substrate-sdf.office.com, attachments-sdf.office.net, *.live.com, mail.services.live.com, hotmail.com, *.hotmail.com]
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <nokia.webhook.office.com> doesn't match any of the subject alternative names: [*.internal.outlook.com, *.outlook.com, outlook.com, office365.com, *.office365.com, *.outlook.office365.com, *.office.com, outlook.office.com, substrate.office.com, attachment.outlook.live.net, attachment.outlook.office.net, attachment.outlook.officeppe.net, attachments.office.net, *.clo.footprintdns.com, *.nrb.footprintdns.com, ccs.login.microsoftonline.com, ccs-sdf.login.microsoftonline.com, substrate-sdf.office.com, attachments-sdf.office.net, *.live.com, mail.services.live.com, hotmail.com, *.hotmail.com]
at org.apache.http.conn.ssl.DefaultHostnameVerifier.matchDNSName(DefaultHostnameVerifier.java:177)2022-07-14 15:47:29,991+0300 PsmqAsyncExecutors-then:thread-423 WARN bonzo 886x543x4 10to4pw 135.244.45.34,93.183.26.205 /secure/QuickCreateIssue.jspa [c.a.s.p.a.i.e.engine.asyncthen.AsyncThenJobProcessor] Failed executing ThenAction com.atlassian.servicedesk.plugins.automation.webhook.rulethen.WebhookThenAction asynchronously: 'Unable to obtain status code from webhook server: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching XXXXX.YYYYYY.office.com found.' - Checked and confirmed certificates are valid.
原因
- JVM parameter -Djsse.enableSNIExtension is set as False.
ソリューション
Referring to oracle documentation:
jsse.enableSNIExtension system property. Server Name Indication (SNI) is a TLS extension, defined in RFC 4366. It enables TLS connections to virtual servers, in which multiple servers for different network names are hosted at a single underlying network address.
Some very old SSL/TLS vendors may not be able handle SSL/TLS extensions. In this case, set this property to false to disable the SNI extension.- If the SNIExtensions is set to false, the communication to subdomains which are hosted on the same virtual servers do not work.
- So get rid of this issue, either remove this switch or set the JVM parameter to True.