Application link creation failure in JIRA - certificate_unknown
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Application link fails from Jira to other applications. The following message is displayed in atlassian-jira.log:
1
2
2022-09-01 10:08:54,959-0400 https-openssl-nio-443-exec-103 ERROR asdwa1 608x34344424x1 9paaa9 10.10.10.10 /rest/applinks/3.0/applicationlinkForm/manifest.json [c.a.a.c.rest.ui.CreateApplicationLinkUIResource] ManifestNotFoundException thrown while retrieving manifest
com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknownApplication link setup using insecure protocol succeeds without issues.
Steps on this article have been followed and the issue still persists.
Certificates for each server have been imported into the opposing applications installed Java keystore
cacerts.SSLPoke (see PKIX Path Building Failed - Cannot Set Up Trusted Applications To SSL Services) identifies successful connection.
Cause
If Jira is unable to retrieve the manifest (baseURL/rest/applinks/3.0/applicationlinkForm/manifest.json) from the remote application, it will fail to establish the application link. There are some startup parameters that can modify the default truststore and keystore that Jira uses for outbound and inbound SSL connections. Truststore holds the certificates that will be used when connecting to remote server through SSL, when you setup keystore is used by Jira to allow clients to connect to it using HTTPS. However, the following parameters may alter the default and overwrite the store location:
-Djavax.net.ssl.trustStore
-Djavax.net.ssl.trustStorePassword
-Djavax.net.ssl.keyStore
-Djavax.net.ssl.keyStorePassword
Solution
If all the articles presented on the summary were followed, where all the correct certificates are available yet the error message is still present, verify if the above parameters are configured on config.sh/config.bat files, remove those and restart the application before trying a new application link setup.
Was this helpful?