CertificateTooOldException: Certificate too old

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

問題

When creating an application link, or using functionality that uses an application link, the applications aren't able to authenticate to each other.

The following appears in the application log:

com.atlassian.security.auth.trustedapps.CertificateTooOldException: Certificate too old. Application: XXXX:#### Certificate Created: TIMESTAMP Timeout: 10000

診断

環境

  • Two applications are connected together using Application Links
  • The authentication method used is Trusted Applications

原因

When a Trusted Applications request is sent, it includes a certificate with a timestamp attached to it. When the request arrives at the destination, the server will check that the current time is not more than the request timestamp, plus the timeout value (by default 10 seconds).

This problem is caused when the current time is later than the request timestamp plus the timeout value.

This can be caused by:

  • An incorrectly set time zone on at least on server
  • An out-of-date time zone definition, causing a server to think it has a different UTC offset to what it should be
  • Enough difference in the time between the two servers that the timeout is reached
  • Network latency can contribute to the cause of this problem; although it's rare that it's the complete cause

ソリューション

  • Ensure both servers have synchronised their time with a Network Time Server
  • Ensure time zone definitions provided by the operating system are up-to-date. For Linux it's usually the "tzdata" package. For Windows it should be kept up-to-date by Windows Update.
  • In cases where latency is a factor, the cause of the latency should be isolated and corrected. Alternatively the timeout can be increased to a higher value in the incoming authentication of the Trustued Applications authentication.

Atlassian recommends OAuth

All new Application Links are created using OAuth. It provides all of the functionality of Trusted Applications and Basic Authentication. OAuth allows applications to authenticate and authorise users without accessing their credentials.

その他の情報

最終更新日 2016 年 3 月 30 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.