Message-ID: <208342591.15404.1711691713738.JavaMail.appbox@confluence> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_15403_366503952.1711691713738" ------=_Part_15403_366503952.1711691713738 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This article applies to: *Deskzilla 1.x-2.0, JIRA Client 1.x-2.0, and co=
nnecting to Bugzilla and JIRA servers via https://... connections.
For =
clarity, this article is written about JIRA Client and JIRA, but it applies=
to Deskzilla / Bugzilla as well.
This does not apply to JIRA Client version 2.1 and late= r and Deskzilla version 2.1 and later, as the issue has been solved.
=20The problem is that JIRA Client cannot connect to JIRA over a secure con= nection (for example, to the url https://jira.company.com), with the following error = text:
=20Connection problem: sun.security.validator.ValidatorException: PKIX path= building failed: sun.security.provider.certpath.SunCertPathBuilderExceptio= n: unable to find valid certification path to registered target
=20This reason for this problem is that the SSL certificate used on the ser= ver is self-signed and not trusted by default by the underlying Java securi= ty platform.
=20You might not experience this problem, even if the certificate you use i= s self-signed. Do not apply this solution if JIRA Client has no problem con= necting to JIRA.
The self-signed certificate should have Common Name (CN) equal to the ho= st name of the JIRA web site, otherwise the solution won't work! You can in= spect Common Name among other certificate's properties when viewing it in a= browser.
The solution involves getting the untrusted SSL certificate from the ser= ver and making it trusted by importing it into a special file, java keystor= e.
=20If you downloaded the default JIRA Client distribution, it contains bund= led JRE (Java Runtime) and when you run jiraclient.exe, it looks f= or the bundled JRE in the installFolder/jre. On Windows Vista 64-b= it, the default location of the program is C:\Program Files (x86)\JIRA = Client, and so the location of JRE will be C:\Program Files (x86)\= JIRA Client\jre.
=20If you downloaded JIRA Client without bundled Java, or run it with .bat = / .sh script, then you probably should know which Java does JIRA Client use= , or you can find out by inspecting your PATH and JAVA_HOME variables.
= =20The location of cacerts is jreHome/lib/security/cacerts, where jreHome is the home path of the JRE in use. (Note that if= you're using a JDK, then jreHome would be jdkHome/jre.)<= /p>=20
Now you need to get a file with exported server certificate. If you have= Firefox browser installed, you can do the following:
=20Now you can import the server's certificate into the located cacerts= file. Change into the directory where cacerts is located and run = keytool command, located in "bin" subdirectory under jreHome:=
=20..\..\bin\keytool -import -file path/to/the/exported/file.crt -alias my_jir= a_server -keystore cacerts=20
The default password is changeit, unless you have chang= ed it.
=20Keytool will ask for confirmation, to which you should answer ye= s and then write updated store to the disk.
=20You have to have write permissions to the cacerts file and its directory= . If needed, start command line with Administrative permissions under Windo= ws, or sudo under Linux or Mac OS X.
Try to connect. If it doesn't work, double-check that
=20If all looks correct but it doesn't work, please contact support.
=20Other solutions are also possible, for example, setting Java key store t= o a different file with certificate already there.