Application link creation failure in Fisheye/Crucible - certificate_unknown
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Symptoms
The setup of application link fails between Fisheye/Crucible and JIRA and the following appears in the atlassian-fisheye-YYYY-MM-DD.log:
1
2
3
4
5
6
7
8
9
10
11
2013-02-22 09:53:10,631 WARN [btpool0-36 ] org.mortbay.log Slf4jLog-warn - EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1839)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1019)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
Diagnosis
Application link setup using insecure protocol succeeds without issues.
Certificates for each server have been imported into the opposing applications installed Java keystore
cacerts.SSLPoke (see PKIX Path Building Failed - Cannot Set Up Trusted Applications To SSL Services) identifies successful connection:
1
2
3
4
5
[bill@jira ~]$ java SSLPoke fisheye.atlas.com 8843
Successfully connected
[bill@fisheye]# java SSLPoke jira.atlas.com 443
Successfully connectedCause
JIRA is bundled with its own JVM which references its own cacerts keystore.
Solution
Resolution
Determine which instance of Java is running JIRA and import the server certificates into the correct keystore:
JIRA
Administration > System InformationSearch the page for "java.home" to determine the location of Java.
Was this helpful?