General SSLEngine Problem

    Problem

    1. If you have two Jira instances: Jira Cloud "Left" and JIRA on-premise "Right", JIRA on-premise "Right" is behind HTTPS / SSL, a connection with the same name (e.g. GROOVY)
    2. Start creating an instance on "Left" pointing to "Right"
    3. Click Test connection and an error gets logged.
    Error detail:
    {"className":"java.net.ConnectException","message":"General SSLEngine problem Stacktrace:[Ljava.lang.StackTraceElement;@5f2cf96c"}

    Cause

    The problem is that the certificate for the Jira "Right" can not be validated on the Jira "Left"

    Solution

    • Try to check the SSL certificate via SSL labs:
      1. go to https://www.ssllabs.com/ssltest/
      2. insert your JIRA "Right" HTTPS://... address
      3. and wait until the result is provided
        it should grade the setup of Jira right to A or higher. Anything less must be resolved.
    • Send an SSLPoke from a separate machine to the JIRA "Right", as described here
      • if the SSLPoke succeeds - then the problem is probably with the JIRA Cloud "Left", and you should contact the Support Team
      • if the SSLPoke fails:

        /tmp# java SSLPoke jira.right.com 443
        sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
                at sun.security.validator.Validator.validate(Validator.java:260)
                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
                at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
                at SSLPoke.main(SSLPoke.java:31)
        Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
                ... 15 more
        • if the reason is "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
          • most probably, the version of Java we use on our servers doesn't trust the certificate authority you are using.