Crowd connection issue with PostgreSQL: SSL hostname verification error

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Learn how to resolve SSL hostname verification errors when connecting Crowd to PostgreSQL.

Understand the error

When Crowd is configured to use SSL with PostgreSQL, it may fail to establish a connection if the hostname in the JDBC URL does not match any of the entries in the PostgreSQL server's SSL certificate. This results in the following error in the Crowd log:

Server name validation failed: certificate for host DBSERVERNAME dNSName entries subjectAltName, but none of them match. Assuming server name validation failed org.postgresql.util.PSQLException: The DBSERVER could not be verified by hostnameverifier PgjdbcHostnameVerifier.

This issue prevents Crowd from connecting to the database and may cause the application to become unresponsive due to repeated connection pool acquisition failures.

Solution

Bypassing hostname verification while still using SSL encryption

1. Stop the Crowd application.

2. Open the file ${CROWD_HOME}/shared/crowd.cfg.xml in a text editor.

3. Update the JDBC URL by appending sslmode=require to disable certificate hostname checks while keeping SSL enabled. Because the file is XML, write each & in the URL as &amp;:

<property name="hibernate.connection.url">jdbc:postgresql://dbservername:5432/crowddb?ssl=true&amp;sslmode=require&amp;reWriteBatchedInserts=true</property>

4. Save the file.

5. Start Crowd.

This approach disables hostname verification but maintains SSL encryption. For production environments with strict security policies, consider updating your PostgreSQL certificate to include a matching hostname in the SAN field and using sslmode=verify-full instead.
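Before switching back to sslmode=verify-full, it helps to confirm that the host in the JDBC URL really appears among the certificate's SAN dNSName entries. The script below is an added example, not Atlassian or pgjdbc code: the sample crowd.cfg.xml fragment and SAN list are constructed, the function names are hypothetical, and the wildcard rule is a simplified approximation of the driver's check.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# What each pgjdbc sslmode checks: (validates certificate chain, verifies hostname).
SSLMODE_CHECKS = {
    "disable": (False, False), "allow": (False, False), "prefer": (False, False),
    "require": (False, False), "verify-ca": (True, False), "verify-full": (True, True),
}

# Constructed sample input: a minimal crowd.cfg.xml fragment and made-up SAN entries.
SAMPLE_CFG = """<application-configuration><properties>
  <property name="hibernate.connection.url">jdbc:postgresql://dbservername:5432/crowddb?ssl=true&amp;sslmode=require&amp;reWriteBatchedInserts=true</property>
</properties></application-configuration>"""
SAMPLE_SANS = ["db01.example.internal", "*.db.example.internal"]

def jdbc_url_from_cfg(xml_text):
    """Return the hibernate.connection.url value; the XML parser decodes &amp; to &."""
    for prop in ET.fromstring(xml_text).iter("property"):
        if prop.get("name") == "hibernate.connection.url":
            return (prop.text or "").strip()
    raise ValueError("hibernate.connection.url not found")

def san_matches(host, san):
    """Simplified dNSName match: case-insensitive, '*.' covers exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == san[2:]
    return host == san

def audit(xml_text, san_dns_names):
    """Report what the configured sslmode verifies and whether the URL host is in the SANs."""
    url = urlsplit(jdbc_url_from_cfg(xml_text)[len("jdbc:"):])
    params = {k: v[-1] for k, v in parse_qs(url.query).items()}
    # pgjdbc 42.2.5+: ssl=true without an explicit sslmode means verify-full, otherwise prefer.
    mode = params.get("sslmode", "verify-full" if params.get("ssl") == "true" else "prefer")
    validates_chain, verifies_host = SSLMODE_CHECKS[mode]
    matched = [s for s in san_dns_names if san_matches(url.hostname, s)]
    return {"host": url.hostname, "sslmode": mode,
            "validates_certificate": validates_chain, "verifies_hostname": verifies_host,
            "matching_sans": matched, "hostname_ok_for_verify_full": bool(matched)}

if __name__ == "__main__":
    print(audit(SAMPLE_CFG, SAMPLE_SANS))
```

For the sample, the report shows sslmode=require validating neither the certificate chain nor the hostname, and dbservername matching no SAN entry, so the certificate or the URL host must change before verify-full can succeed.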

For more details on PostgreSQL's SSL modes and client verification options, refer to the official documentation:

Updated on June 10, 2025
