Confluence Unable to Make Connection to Atlassian MarketPlace

Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Confluence Marketplace stops connecting when the Keystore file (Cacerts) KetstoreType is changed to PKCS12 from JKS. The following error appears in the Confluence Manage App page:

"The Atlassian Marketplace server is not reachable. To avoid problems when loading this page, you can disable the connection to the Marketplace server."

And the following errors may appear in the atlassian-confluence.log

2020-06-30 09:25:10,686 WARN [https-jsse-nio2-8443-exec-7] [atlassian.upm.pac.PacClientImpl] fetchMpacAppInfo Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
2020-06-30 09:25:10,686 WARN [https-jsse-nio2-8443-exec-7] [atlassian.upm.pac.PacClientImpl] fetchMpacAppInfo Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Diagnosis

This issue happens when the Confluence Java Keystore file KeystoreType is changed to PKCS12 from the default JKS.

Steps to reproduce

  1. Check if you are able to connect the Marketplace from the Confluence UI.

  2. Then check what is cacerts KeystoreType. To check, use the first line when you run the command below:

    keytool -list -v -keystore <cacerts file Path> -storepass <cacerts file Password>

  3. The result should be like:

    Keystore type: JKS Keystore provider: SUN

  4. Stop Confluence and change the KeystoreType from JKS to pkcs12 for Cacerts. Use the command below:

    keytool -importkeystore -srckeystore <cacerts file path> -destkeystore <cacerts file path> -deststoretype PKCS12

  5. After that, start Confluence and check the Manage App Page and atlassian-confluence.log. You should get the error "the trustAnchors parameter must be non-empty" and the Marketplace won't connect via UI as well.

  6. Stop Confluence again, change the KeystoreType to JKS, and start Confluence.

    keytool -importkeystore -srckeystore <cacerts file path> -destkeystore <cacerts file path> -deststoretype JKS

  7. After changing the KeystoreType to JKS, Confluence should now connect to the Marketplace without any error.

Cause

Confluence server will not make Marketplace connection with a Java Keystore File that has PKCS12 KeystoreType.

Solution

  1. Check what the KeyStoreType is for the Cacerts, execute the command below, and check the first line of the output:

    <KeyTool Path> -list -v -keystore <cacerts Path> -storepass <Keystore Password>

  2. Make a copy of the cacerts file first. If KeystoreType is PKCS12, change it to the JKS using the command below. The command below will create a backup of Cacerts, but make sure to also have your own backup:

    <KeyTool Path> -importkeystore -srckeystore <cacerts Path> -destkeystore <cacerts Path> -deststoretype JKS

  3. Restart Confluence and check the Marketplace connection.

Updated on September 26, 2025
Platform
Data Center only
App
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community