Scenario:

  • Having two JIRAs: JIRA Cloud "Left" and JIRA Server "Right", JIRA Server "Right" is behind HTTPS / SSL, 
    a relation with the same name (e.g. GROOVY) 
  • Start creating an instance on "Left" pointing to "Right"
  • Click "Test connection"
    (warning) an error gets logged: 


{"className":"java.net.ConnectException","message":"General SSLEngine problem Stacktrace:[Ljava.lang.StackTraceElement;@5f2cf96c"}


Cause:

The problem is that the certificate for the JIRA "Right" can not be validated on the JIRA "Left"

Troubleshoot:

  • Try to check the ssl certificate via ssl labs:
    1. go to https://www.ssllabs.com/ssltest/
    2. insert your JIRA "Right" https://... address
    3. wait until the result is provided
      it should grade the setup of JIRA right to A or higher.  Anything less must be resolved.
       
  • Send an SSLPoke from a separate machine to the JIRA "Right", as described here
    • if the SSLPoke succeeds - then the problem is probably with the JIRA Cloud "Left", and you should contact the Support Team
    • if the SSLPoke fails:

      /tmp# java SSLPoke jira.right.com 443
      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
              at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
              at sun.security.validator.Validator.validate(Validator.java:260)
              at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
              at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
              at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
              at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
              at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
              at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
              at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
              at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
              at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
              at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
              at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
              at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
              at SSLPoke.main(SSLPoke.java:31)
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
              at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
              at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
              at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
              at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
              ... 15 more

      • if the reason is "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
        • most probably, the version of java we use on our servers doesn't trust the certificate authority you are using

Useful links: