Perforce Public Knowledge Base - P4DTG JIRA SSL Support
Reset Search
 

 

Article

P4DTG JIRA SSL Support

« Go Back

Information

 
Problem

You may configure a JIRA defect tracking source to a secure JIRA server by using the secure URL (https). 

For example:

 

    https://jirahost/rpc/soap/jirasoapservice-v2
 
Solution

Troubleshooting Connection Failure

Failure to connect to the JIRA https source results in the same generic error as a non-SSL connection failure: 

Unable to connect to server:
Unable to open connection to JIRA. Please make sure Java (JRE/JDK) 
is installed and the JIRA server URL, username and password are correct.

First, verify that you can connect to the https URL in your browser. 

Next, use the attached test program to connect to your secure JIRA URL.  Save and run this program from the same environment and directory that the P4DTG replication process runs from. 

This sample program opens a connection, just like the P4DTG JIRA plug-in, and prints the information retrieved from that URL.

An example with a successful result:

$ java -jar urltester.jar https://jirahost/rpc/soap/jirasoapservice-v2
<h1>jirasoapservice-v2</h1>
<p>Hi there, this is an AXIS service!</p>
<i>Perhaps there will be a form for invoking the service here...</i>
Should you need to pass any additional properties to this java program, such as the keystore location and password, you also then need to give these properties to the JIRA plug-in. This is done by editing your JIRA Defect Tracking Source, "Edit attributes..." button, then add your properties to the Java Options attribute. 

Common Exceptions

1) Exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present 

This typically means the host name in your https URL does not match the host name in the Certificate.  For your URL, use the same host name as present in the JIRA web server's Certificate. 

2) Exception: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 

Double check your javax.net.ssl.trustStore and javax.net.ssl.keyStore values. 

3) Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

The JIRA web server's certificate is not trusted.  Import the certificate into your store. 

4) Exception:  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake 
and Caused by: java.io.EOFException: SSL peer shut down incorrectly
 
This can also be caused by an untrusted server certificate.  Import the certificate into your store. 

Common Certificate Related Java Properties

If you use a certificate that is not from a trusted Certificate Authority, you will need to import that certificate into your java installations default store or create another store with the certificate.  You can point to the alternate store using these properties: 
javax.net.ssl.keyStore=<keystore file> 
javax.net.ssl.trustStrore=<truststore file> 
javax.net.ssl.keyStorePassword=<password> 

Specifying Addtional Connection Properties 

Specifying the properties such as keyStore and trustStore is done by editing your JIRA Defect Tracking Source, "Edit attributes..." button, then add your properties to the Java Options attribute.   Individual java options should be space delimited and properties are preceeding the "-D". 

Example of edit Java Options: 


Related Links

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255