General SSLEngine Problem

    This article applies to Exalate Classic only. If you're using the New Exalate experience, please refer to the New Exalate documentation.

    Problem

    1. You have two Jira instances, Jira Cloud "Left" and Jira on-premise "Right"; Jira on-premise "Right" is behind HTTPS / SSL, a connection with the same name (e.g. GROOVY)
    2. Start creating an instance on "Left" pointing to "Right"
    3. Click Test connection; an error gets logged.
    Error detail:
    {"className":"java.net.ConnectException","message":"General SSLEngine problem Stacktrace:[Ljava.lang.StackTraceElement;@5f2cf96c"}

    Cause

    The certificate of Jira "Right" cannot be validated by Jira "Left".

    Solution

    • Check the SSL certificate via SSL Labs:
      1. Go to https://www.ssllabs.com/ssltest/
      2. Enter the HTTPS://... address of your Jira "Right"
      3. Wait until the result is provided
        It should grade the setup of Jira "Right" as A or higher. Anything less must be resolved.
    • Send an SSLPoke from a separate machine to the JIRA "Right", as described here
      • if the SSLPoke succeeds - then the problem is probably with the JIRA Cloud "Left", and you should contact the Support Team
      • if the SSLPoke fails:

        /tmp# java SSLPoke jira.right.com 443
        sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
                at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
                at sun.security.validator.Validator.validate(Validator.java:260)
                at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
                at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
                at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
                at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
                at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
                at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
                at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
                at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
                at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
                at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
                at SSLPoke.main(SSLPoke.java:31)
        Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
                at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
                at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
                at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
                ... 15 more
        • if the reason is "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
          • most probably, the version of Java we use on our servers doesn't trust the certificate authority you are using.
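To see why path building fails, it helps to look at the chain the server actually sends and compare it with what the local JVM trusts. The following is an added example, not part of SSLPoke or of Exalate's code; the class name `ChainCheck` is hypothetical and the default host is the placeholder `jira.right.com` used above. It records the presented chain and then validates it with the JVM's default trust managers, so an untrusted certificate is still rejected.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class ChainCheck { // hypothetical name, added example
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "jira.right.com"; // placeholder host from the article
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Default trust managers of this JVM (its cacerts unless overridden by system properties).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        final X509TrustManager jvmTm = found;
        final X509Certificate[][] seen = new X509Certificate[1][];

        // Records the chain the server sends, then validates exactly as the JVM would.
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                jvmTm.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                seen[0] = c;
                jvmTm.checkServerTrusted(c, a); // throws on "PKIX path building failed"
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmTm.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);

        String result = "trusted by this JVM";
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLException e) {
            result = "NOT trusted: " + e.getMessage();
        }
        System.out.println(host + ":" + port + " -> " + result);
        if (seen[0] == null) { System.out.println("No certificate chain was received."); return; }
        for (int i = 0; i < seen[0].length; i++)
            System.out.println("[" + i + "] subject=" + seen[0][i].getSubjectX500Principal().getName()
                    + "\n    issuer =" + seen[0][i].getIssuerX500Principal().getName());
        // Is the issuer of the last certificate sent a trust anchor of this JVM?
        X509Certificate last = seen[0][seen[0].length - 1];
        boolean anchored = false;
        for (X509Certificate ca : jvmTm.getAcceptedIssuers())
            if (ca.getSubjectX500Principal().equals(last.getIssuerX500Principal())) anchored = true;
        System.out.println("Issuer of last certificate is in this JVM's trust store: " + anchored);
    }
}
```

If the last line prints `false`, either the server is not sending its intermediate certificates or the issuing CA is absent from the trust store of the Java version in use.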