Problem communicating with Crowd due to CertificateExpiredException

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Fisheye/Crucible fails to connect to the external directory for user authentication, and the following appears in the atlassian-fisheye-<date>.log

1 2 3 4 5 6 7 8 9 10 11 12 2015-12-21 11:00:00,000 ERROR - Could not retrieve the authentication token com.cenqua.fisheye.user.AuthenticationException: Problem communicating with Crowd (...) Caused by: com.atlassian.crowd.exception.OperationFailedException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed (...) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed (...) Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed (...) Caused by: java.security.cert.CertPathValidatorException: timestamp check failed (...) Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Dec 21 09:00:00 EST 2015

Cause

The certificate used by the external user directory is expired.

Resolution

  1. Generate a new certificate for your external directory and configure it accordingly. You may use the following documents as a reference for the SSL configuration in Crowd and JIRA, respectively:

    1. Configuring Crowd to Work with SSL

    2. Running JIRA over SSL or HTTPS

  2. Import the new certificate into Fisheye/Crucible truststore, so it will trust the new cert and will be able to connect to the external user directory.

  3. Restart Fisheye/Crucible, then try connecting to the external user directory.

Updated on April 8, 2025
Platform
Data Center only
Products
Crucible Data Center
Fisheye Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community