Unable to import CA reply
プラットフォームについて: Data Center - この記事は、Data Center プラットフォームのアトラシアン製品に適用されます。
このナレッジベース記事は製品の Data Center バージョン用に作成されています。Data Center 固有ではない機能の Data Center ナレッジベースは、製品のサーバー バージョンでも動作する可能性はありますが、テストは行われていません。サーバー*製品のサポートは 2024 年 2 月 15 日に終了しました。サーバー製品を利用している場合は、アトラシアンのサーバー製品のサポート終了のお知らせページにて移行オプションをご確認ください。
*Fisheye および Crucible は除く
The content on this page relates to platforms that are not supported. Consequently, Atlassian Support cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.
要約
On following Running Jira applications over SSL or HTTPS to renew certificates - on steps 13 to 17:
13. You should generate a Certificate Signing Request for the CA to sign and confirm the identity of the certificate. To do so, right-click the certificate and choose Generate CSR. Save it in <Jira_HOME>/jira.csr.
14. Submit the CSR to the CA for signing. They'll provide a signed certificate (CA reply) and a set of root or intermediate CA certificates.
15. Import the root or intermediate CA certificates with Import Trusted Certificate, repeating this step for each certificate.
16. Import the signed certificate by right-clicking the jira certificate and selecting Import CA Reply.
You may face the following error:
- Via Portecle:
Could not establish trust for the CA Reply. Import cannot proceed.
- Via Keytool:
keytool error: java.lang.Exception: Failed to establish chain from reply
環境
Jira Data Center
Tomcat
診断
A simplified version of the certificate chain could be like the following:
原因
The intermediate CA certificate has changed since it was imported into the Java Keystore.
ソリューション
Contact the signing CA to get the new Root and intermediate CA certificates.