The Atlassian Marketplace Server is not Reachable Due to Peer Not Authenticated
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
When going to manage/add new add-ons page, this error is displayed:
1
The Atlassian Marketplace server is not reachable. To avoid problems when loading this page, you can disable the connection to the Marketplace serverThe Confluence logs contain the following errors:
1
2013-10-29 14:30:17,194 WARN [http-bio-7990-exec-5] user 870x497x1 1lzkc13 XXX.XXX.XXX.XXX,127.0.0.1 "GET /plugins/servlet/upm/marketplace HTTP/1.0" com.atlassian.upm.pac.PacClientImpl Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticatedCause
The Atlassian Marketplace needs to verify the SSL connection between Confluence and itself. This occurs because the certificate is missing or has been tampered with by the local Proxy.
Resolution
If using Windows we recommend using the tool specified in Connecting to SSL services to do this as it is easier.
To resolve this you need to manually import the certificates using the steps below:
Download the following certificates with the commands below and remove everything but the certificates themselves:
Linux
1 2 3openssl s_client -connect marketplace.atlassian.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > marketplace.atlassian.com.crt openssl s_client -connect plugins.atlassian.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > plugins.atlassian.com.crt openssl s_client -connect api.media.atlassian.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > api.media.atlassian.com.crtWindows
1 2 3openssl s_client -connect marketplace.atlassian.com:443 < NUL > marketplace.atlassian.com.crt openssl s_client -connect plugins.atlassian.com:443 < NUL > plugins.atlassian.com.crt openssl s_client -connect api.media.atlassian.com:443 < NUL > api.media.atlassian.com.crt⚠️ After saving the certificates in Windows, edit them and delete everything before the "BEGIN CERTIFICATE" line and everything after the "END CERTIFICATE" line. This step is not required for Linux.
And then import them into your truststore in this order:
1 2 3keytool -import -alias marketplace.atlassian.com:443 -keystore /path/to/truststore -file /path/to/marketplace.atlassian.com.crt keytool -import -alias plugins.atlassian.com:443 -keystore /path/to/truststore -file /path/to/plugins.atlassian.com.crt keytool -import -alias api.media.atlassian.com:443 -keystore /path/to/truststore -file /path/to/api.media.atlassian.com.crtThe trust store is located in the following directories:
Windows/Linux:
$JAVA_HOME/jre/lib/security/cacertsMac OS (not supported):
$JAVA_HOME/lib/security/cacerts
If keytool prompts for a password, the default is'changeit'.
Please see the following question on Atlassian Answers and Problems Connecting to the Atlassian Marketplace for further information.
Was this helpful?