CertificateTooOldException: Certificate too old
アプリケーション リンクの作成時や、アプリケーション リンクを使用する機能の利用時に、アプリケーション同士での認証に失敗する。
The following appears in the application log:
com.atlassian.security.auth.trustedapps.CertificateTooOldException: Certificate too old. Application: XXXX:#### Certificate Created: TIMESTAMP Timeout: 10000
- 2 つのアプリケーションがアプリケーション リンクを使って接続されている
- The authentication method used is Trusted Applications
When a Trusted Applications request is sent, it includes a certificate with a timestamp attached to it. When the request arrives at the destination, the server will check that the current time is not more than the request timestamp, plus the timeout value (by default 10 seconds).
This problem is caused when the current time is later than the request timestamp plus the timeout value.
This can be caused by:
- An incorrectly set time zone on at least on server
- An out-of-date time zone definition, causing a server to think it has a different UTC offset to what it should be
- Enough difference in the time between the two servers that the timeout is reached
- Network latency can contribute to the cause of this problem; although it's rare that it's the complete cause
- Ensure both servers have synchronised their time with a Network Time Server
- Ensure time zone definitions provided by the operating system are up-to-date. For Linux it's usually the "tzdata" package. For Windows it should be kept up-to-date by Windows Update.
In cases where latency is a factor, the cause of the latency should be isolated and corrected. Alternatively the timeout can be increased to a higher value in the incoming authentication of the Trustued Applications authentication.
Atlassian recommends OAuth
All new Application Links are created using OAuth. It provides all of the functionality of Trusted Applications and Basic Authentication. OAuth allows applications to authenticate and authorise users without accessing their credentials.