javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Please note that Atlassian Support does not provide troubleshooting for SSL certificates as describe by our support offering here:

Atlassian products interface with a variety of technologies. Front-end solutions like Web Servers (eg Apache HTTP Server), load balancers, single sign-on solutions (SSO), SSL certificates and LDAP repositories add functionality that is often critical to functioning of our products.

Atlassian will endeavour to provide documentation for integration with these 3rd party applications but does not provide support for 3rd party applications. We are unable to provide support when a failure in a 3rd party application occurs.

Problem

You have already imported the target server's certificate into Confluence's keystore, as described in Connecting to LDAP or Jira applications or Other Services via SSL.

The following appears in the atlassian-confluence.log:

1 2 org.springframework.ldap.CommunicationException: server:636; nested exception is javax.naming.CommunicationException: server:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]

Cause

The CA's intermediate certificates are not imported into Confluence's keystore. For example: https://support.globalsign.com/customer/portal/articles/1211591-trusted-root-intermediate-certificates (GlobalSign), or this: https://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4-x5-x6-x7-x (for GoDaddy, refer to the section under "Installing Your SSL in Tomcat").

Resolution

  • Follow your CA's instructions to import the intermediate certs into Confluence's keystore. You may need to contact your CA's support for further assistance, as this is beyond the scope of Atlassian Support

Updated on April 15, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community