Internal gadgets displaying titles as __MSG

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

After upgrading Confluence, moving to another server or just updating the JDK/JRE, gadget titles appear as __MSG_gadget.xxxxxx.

The following appears in the atlassian-confluence.log

1 2 3 4 5 6 7 2017-08-04 10:12:34,771 ERROR [http-nio-443-exec-2] [renderer.internal.http.HttpClientFetcher] fetch Unable to perform a request to: https://localhost:443/rest/gadgets/1.0/g/messagebundle/en_GB/gadget.common%2Cgadget.activity.stream%2Cstreams.comment.action%2Cstream.error.unexpected -- url: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

Diagnosis

Environment

  • SSL is enabled

Cause

The error message is caused by failed SSL connection due to missing certificate in the truststore.

During the upgrade, moving to another server or just updating the JDK/JRE, all SSL certificates will be overwritten if you are using the default cacerts truststore.

Solution

Resolution

Extract Confluence's certificate and import into the trust store. Commonly, the trust store is inside of the $JAVA_HOME variable:

  1. Extract the certificate from Confluence:

    1 openssl s_client -connect <confluence.url-or-confluence.ip>:<secure-port> < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt

    ℹ️ Replace the <confluence.url-or-confluence.ip>:<secure-port> for the correct information, like confluence.example.com:443.

  2. Import the certificate into Confluence's cacert:

    1 $JAVA_HOME/bin/keytool -import -alias cert -keystore $JAVA_HOME/jre/lib/security/cacerts -file public.crt

  3. Restart Confluence

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community