Cannot add JIRA as a trusted application due to multiple trusted applications

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

The atlassian-confluence.log contains this error:

1 2 3 4 5 6 7 2008-04-30 15:37:29,524 ERROR [http-8040-Processor22] [[Catalina].[localhost].[/confluence].[noop]] invoke Servlet.service() for servlet noop threw exception java.lang.NullPointerException at com.atlassian.seraph.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:86) at com.atlassian.confluence.util.AbstractBootstrapHotSwappingFilter.doFilter(AbstractBootstrapHotSwappingFilter.java:28) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) ... at java.lang.Thread.run(Thread.java:619)

or

1 2 3 4 5 6 7 8 java.lang.NullPointerException at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter$CertificateServerImpl.writeCertificate(TrustedApplicationsFilter.java:201) at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:90) at com.atlassian.confluence.util.AbstractBootstrapHotSwappingFilter.doFilter(AbstractBootstrapHotSwappingFilter.java:30) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:150)

Cause

Confluence cannot fetch or process the keypair from KEYSTORE:

JIRA Trusted Application console

The connection to host http://yourdomain.com could not be established due to an error: java.io.IOException: Server returned HTTP response code: 500 for URL: http://yourdomain.com/admin/appTrustCertificate.

There may be other entries in the KEYSTORE table from other trusted connections between Confluence (for instance Fisheye). The query to retrieve the keypair may retrieve all keys from KEYSTORE but the code relies on the assumption that only one keypair (the one for JIRA) is present in the table.

Resolution

Newer Confluence versions (7.19.X and 8.5.X) do no longer allow JSP files to be loaded from the <confluence-install-dir>. Hence, you need to follow the steps in CONFSERVER-93646 for this resolution.

Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

  1. Delete all entries in the Confluence DB table: KEYSTORE

  2. Delete all of the Confluence entries in the JIRA DB table: trustedapp

  3. Run this JSP in Confluence to create a fresh keypair in KEYSTORE

  4. Set up trust in JIRA

Updated on April 15, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community