SSL サービスに接続する

プラットフォームについて: サーバーと Data Center のみ。この記事は、サーバーおよび Data Center プラットフォームのアトラシアン製品にのみ適用されます。

このページの内容はサポート対象外のプラットフォームに関連しています。したがって、アトラシアン サポートではこのページの記載内容のサポートの提供は保証されません。この資料は情報提供のみを目的として提供されています。内容はお客様自身の責任でご利用ください。


本ページでは、Jira、Confluence等のウェブアプリケーションを SSL ラッピングされた多種プロトコル経由の SSL 上で外部サーバーに接続して取得する手順について説明します。 SSL サービスは以下の作業を実行する場合に必要です。

  • Refer to an https://... URL in a Confluence macro
  • Use an IMAPS server to retrieve mail in Jira
  • Use SMTP over SSL (SMTPS) to send mail in Jira
  • Connect to an LDAP directory over SSL
  • Set up Application Links over SSL

This does not cover running your application over SSL. Please see your product's documentation to run it over SSL:


Attempting to access URLs that are encrypted with SSL (for example HTTPS, LDAPS, IMAPS) throws an exception and your application refuses to connect to it. For example: PKIX path building failed: unable to find valid certification path to requested target
 at com.sun.mail.imap.IMAPStore.protocolConnect(
 at javax.mail.Service.connect(
 at javax.mail.Service.connect(

これは自己署名で暗号化されたページにアクセスする際に Chrome で発生する以下のエラーと同じですが、Java は「とにかく続行」することができないため、証明書を拒否します。


Whenever your application attempts to connect to another application over SSL (e.g.: HTTPS, IMAPS, LDAPS), it will only be able to connect to that application if it can trust it. The way trust is handled in the Java world (this is what your application is written in) is that you have a "truststore" file (typically $JAVA_HOME/lib/security/cacerts). This trust store file contains trusted certificates and Java uses this to determine if the SSL certificate used by another application can be trusted.  Java will only trust certificates that are signed by a Certificate Authority (CA) whose certificate is in the trust store, or public certificates that are added to the trust store. For example, if we look at the certificate for Atlassian:

We can see the * certificate has been signed by the intermediate certificates, DigiCert High Assurance EV Root CA and DigiCert High Assurance CA-3. These intermediate certificates have been signed by the root Secure Server CA. Those three certificates combined are referred to as the certificate chain. Because the three CA certificates are within the Java trust store file (cacerts), Java will trust any certificates signed by them (in this case, * Alternatively, if the * certificate was in the trust store, Java would also trust that site.

This problem comes from a certificate that is either self-signed (a CA did not sign it) or the certificate chain does not exist within the Java trust store. Subsequently, your application doesn't trust the certificate and fails to connect to the application.


In order to resolve this, the public certificate needs to be imported in the Java trust store that your application uses. In the example above, this is * and we cover how to install it below.

JVM にパブリック SSL 証明書をインポートする方法

最終更新日 2022 年 9 月 2 日


Powered by Confluence and Scroll Viewport.