Automation for Jira and/or Jira webhooks fail with SSLPeerUnverifiedException

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


Webhooks testing or execution in Jira or the Automation for Jira app fails with HTTP 500.

This may happen while testing a Microsoft Teams webhook after Microsoft deprecated the webhooks API


The following error is logged:

1 2021-04-07 19:46:51,190+0900 http-nio-8080-exec-18 WARN user_name 1186x2267834x1 sdlkxe,,0:0:0:0:0:0:0:1 /rest/cb-automation/latest/project/17316/rule/outgoing-webhook/validate [c.c.t.api.http.HttpClientImpl] Unexpected problem sending request [POST HTTP/1.1]: SSLPeerUnverifiedException: Certificate for <> doesn't match any of the subject alternative names: [*, *,,, *, *, *,,,,,,, *, *,,,,, *,,, *]


During SSL validation on the Java HTTP client, the FQDN of the host reached has to match at least one of hosts defined in the SSL certificate.

With SNI disabled, the wildcard matching occurs as per RFC 6125 > 6.4.3. Checking of Wildcard Certificates:

"2. If the wildcard character is the only character of the left-most label in the presented identifier, the client SHOULD NOT compare against anything but the left-most label of the reference identifier (e.g., * would match but not or"

In the error above, could not be matched with *


If you have -Djsse.enableSNIExtension=false in your JVM parameters, remove it.

Updated on May 31, 2024

Still need help?

The Atlassian Community is here for you.