After configuring JIRA with SSL, application won't start.
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
After configuring the SSL settings as per of the instructions of: Running JIRA over SSL or HTTPS, JIRA won't start.
The following appears in the catalina.out log:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Aug 01, 2014 10:28:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Aug 01, 2014 10:28:29 AM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
SEVERE: Failed to load keystore type JKS with path /root/jira.jks due to /root/jira.jks (Permission denied)
java.io.FileNotFoundException: /root/jira.jks (Permission denied)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:400)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:306)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:565)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
1
2
SEVERE: Failed to load keystore type JKS with path /root/jira.jks due to /root/jira.jks (Permission denied)
java.io.FileNotFoundException: /root/jira.jks (Permission denied)
Cause
The CA was stored in the /root directory of a Linux installation, the Tomcat process can't reach the /root directory, even though the user used to start JIRA is the Owner of the CA file.
Resolution
Add SSL Certificates automatically!
If you'd prefer to do this through the UI, we now have an Atlassian Labs plugin for this process.
Move the jks file to a different path. EG: /opt/atlassian/jira/jira.jks
Adjust the conf/server.xml to use the new path for the keystore.
Was this helpful?