Getting 'Establishing SSL connection without server's identity verification is not recommended' warning messages in the logs

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Confluence logs is flooded with the following messages:

1 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

Diagnosis

Confluence is connected to MySQL 5.5+ and the connection string doesn't have the parameter describing usage of SSL defined.

Cause

This is warning coming from newer versions of MySQL.

Solution

Resolution

Ensure that we explicitly specify to disable or enable SSL usage.

  1. Shut down Confluence

  2. ⚠️ Backup confluence.cfg.xml located in <confluence_home>

  3. Edit confluence.cfg.xml

  4. Look for the database connection string similar to the following:

    1 <property name="hibernate.connection.url">jdbc:mysql://<database-IP>/<databasename></property>

  5. Ensure that we have specified usage of SSL.

    1. DISABLE - for example, this is to explicitly specify not to use SSL:

      1 <property name="hibernate.connection.url">jdbc:mysql://<database-IP>/<databasename>?useSSL=false</property>

    2. ENABLE - for example, this is to explicitly specify to use SSL:

      1 <property name="hibernate.connection.url">jdbc:mysql://<database-IP>/<databasename>?useSSL=true</property>

      In addition, you must set up certificates and configure the truststore: https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html

  6. Restart Confluence

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community