Scenario:

  • Having two JIRA nodes: JIRA "Left" and JIRA "Right", JIRA "Right" is behind HTTPS / SSL, 
    a relation with the same name (e.g. GROOVY) 
  • one exalates an issue on JIRA "LEFT"
    (warning) an error gets logged: 

 

Full stack trace
2015-07-13 10:19:33,992 pool-43-thread-1 ERROR admin 608x384x1 29csdf 10.10.7.162 /secure/admin/XmlRestore.jspa [exalate.replication.out.SendSyncRequestEventState] Sending sync request for relation GROOVY and issue PAR-2 failed.
com.exalate.api.transport.TransportException: com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.exalate.transport.rest.client.RestTransportProtocol.sendSyncRequest(RestTransportProtocol.java:36)
	at com.exalate.transport.TransportService.sendSyncRequest(TransportService.java:47)
	at com.exalate.replication.out.SendSyncRequestEventState.transition(SendSyncRequestEventState.java:37)
	at com.exalate.replication.out.SendSyncRequestEventState.transition(SendSyncRequestEventState.java:19)
	at com.exalate.replication.out.EventProcessorService.processSyncEvent(EventProcessorService.java:58)
	at com.exalate.replication.out.EventProcessorService.processSyncEvents(EventProcessorService.java:40)
	at com.exalate.replication.out.EventWorker.run(EventWorker.java:68)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)
	at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: com.atlassian.sal.api.net.ResponseException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:376)
	at com.atlassian.sal.core.net.HttpClientRequest.execute(HttpClientRequest.java:472)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest.execute(JerseyRequest.java:155)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at com.atlassian.plugins.rest.module.ContextClassLoaderSwitchingProxy.invoke(ContextClassLoaderSwitchingProxy.java:27)
	at com.sun.proxy.$Proxy7544.execute(Unknown Source)
	at com.exalate.transport.rest.client.SyncRequestClient.postSyncRequest(SyncRequestClient.java:40)
	at com.exalate.transport.rest.client.RestTransportProtocol.sendSyncRequest(RestTransportProtocol.java:34)
	... 14 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
	at sun.security.ssl.AppOutputStream.write(Unknown Source)
	at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
	at java.io.BufferedOutputStream.flush(Unknown Source)
	at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
	at com.atlassian.sal.core.net.HttpClientRequest.executeMethod(HttpClientRequest.java:596)
	at com.atlassian.sal.core.net.HttpClientRequest.executeMethod(HttpClientRequest.java:546)
	at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:350)
	... 24 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	... 44 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
	at java.security.cert.CertPathBuilder.build(Unknown Source)
	... 50 more

Cause:

The problem is that the certificate for the JIRA "Right" is not installed to the java keystore of the JIRA "Left".

Fix:

  1. Ask the administration of the JIRA "Right" to provide the certificate file
    1. JIRA "Right" admin should export the certificate file:

      Terminal on the JIRA "Right" host
       admin.right@right.com:~$ sudo keytool -export -keystore /opt/atlassian/jira/jre/lib/security/cacerts -alias right -file ~/right.cer
    2. provide the "right.cer" file to the JIRA "Left" administration
       
  2. Register the certificate of the JIRA "Right" in the JIRA "Left" trusted keystore
    1. ensure the certificate file "right.cer" is stored in the home directory of the admin.left user on the JIRA "Left" host
    2. JIRA "Left" admin should import the certificate file

      Terminal on the JIRA "Left" host
      admin.left@left.com:~$ sudo keytool -import -v -trustcacerts -keystore /opt/atlassian/jira/jre/lib/security/cacerts -alias right -file ~/right.cer 
  3. Restart JIRA "Left"

 

Useful links: