Jira does not start after upgrading from Jira 7.x to 8.x due to a database SSL configuration issue

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Jira configured to connect the PostgreSQL database over SSL does not start after upgrading to v8.x. The following error is thrown in the application logs:

2019-11-21 14:30:50,228 localhost-startStop-1 INFO      [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/application-data/jira/dbconfig.xml
2019-11-21 14:30:50,270 localhost-startStop-1 INFO      [c.a.j.config.database.DatabaseConfigHandler] Trying to get encrypted password from xml and decrypt it
2019-11-21 14:30:50,271 localhost-startStop-1 INFO      [c.a.j.config.database.DatabaseConfigHandler] Database password decryption not performed.
2019-11-21 14:30:50,886 localhost-startStop-1 ERROR      [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your database: 
org.postgresql.util.PSQLException: Could not open SSL root certificate file /home/jira/.postgresql/root.crt.
        at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:120)
        at org.postgresql.core.SocketFactoryFactory.getSslSocketFactory(SocketFactoryFactory.java:61)
        at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:33)
        at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:441)
        at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
        at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
        at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
        at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
        at org.postgresql.Driver.makeConnection(Driver.java:458)
        at org.postgresql.Driver.connect(Driver.java:260)
        at java.sql.DriverManager.getConnection(DriverManager.java:664)
        at java.sql.DriverManager.getConnection(DriverManager.java:247)
        at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.getTestDatabaseConnection(DefaultAtlassianBootstrapManager.java:347)
        at com.atlassian.jira.config.database.JdbcDatasource.getConnection(JdbcDatasource.java:219)
        at com.atlassian.jira.config.database.DatabaseConfig.testConnection(DatabaseConfig.java:88)
        at com.atlassian.jira.health.checks.DbConfigurationAndConnectionCheck.doPerform(DbConfigurationAndConnectionCheck.java:60)
        at com.atlassian.jira.health.HealthCheckTemplate.perform(HealthCheckTemplate.java:23)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.runCheck(DefaultHealthCheckExecutor.java:74)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.lambda$applyAndCollectExceptions$1(DefaultHealthCheckExecutor.java:53)
        at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
        at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
        at java.util.Iterator.forEachRemaining(Iterator.java:116)
        at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
        at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
        at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.applyAndCollectExceptions(DefaultHealthCheckExecutor.java:53)
        at com.atlassian.jira.health.DefaultHealthCheckExecutor.performHealthChecks(DefaultHealthCheckExecutor.java:42)
        at com.atlassian.jira.health.HealthChecks.executeChecksAndRecordResults(HealthChecks.java:164)
        at com.atlassian.jira.health.HealthChecks.runHealthChecks(HealthChecks.java:154)
        at com.atlassian.jira.health.HealthChecks.runHealthChecks(HealthChecks.java:66)
        at com.atlassian.jira.startup.BootstrapContainerLauncher.start(BootstrapContainerLauncher.java:48)
        at com.atlassian.jira.startup.DefaultJiraLauncher.preDbLaunch(DefaultJiraLauncher.java:117)
        at com.atlassian.jira.startup.DefaultJiraLauncher.lambda$start$0(DefaultJiraLauncher.java:103)
        at com.atlassian.jira.util.devspeed.JiraDevSpeedTimer.run(JiraDevSpeedTimer.java:31)
        at com.atlassian.jira.startup.DefaultJiraLauncher.start(DefaultJiraLauncher.java:102)
        at com.atlassian.jira.startup.LauncherContextListener.initSlowStuff(LauncherContextListener.java:154)
        at com.atlassian.jira.startup.LauncherContextListener.initSlowStuffInBackground(LauncherContextListener.java:139)
        at com.atlassian.jira.startup.LauncherContextListener.contextInitialized(LauncherContextListener.java:101)
        ... 5 filtered
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.FileNotFoundException: /home/jira/.postgresql/root.crt (No such file or directory)
        at java.io.FileInputStream.open0(Native Method)
        at java.io.FileInputStream.open(FileInputStream.java:195)
        at java.io.FileInputStream.<init>(FileInputStream.java:138)
        at java.io.FileInputStream.<init>(FileInputStream.java:93)
        at org.postgresql.ssl.LibPQFactory.<init>(LibPQFactory.java:117)

Diagnosis

Environment

Jira 8.x with bundled Postgres JDBC driver version 42.2.5 and over.

Diagnostic Steps

<Jira_HOME>/dbconfig.xml file has ssl=true parameter in the connection settings:
1<url>jdbc:postgresql://jiradbURL:5432/jiradb?ssl=true</url>

Cause

Change Log for Postgres JDBC v42.2.5 indicates that ssl=true implies sslmode=verify-full which validates that the certificate is correct and verify the host connected to has the same hostname as the certificate. As there is no pre-defined certificate by default, Jira is trying to find ~/.postgresql/root.crt file and fails with the error above.

(Auto-migrated image: description temporarily unavailable)

Solution

Resolution

Setting sslmode parameter to require (Atlassian recommended), allow or prefer defaults to a non-validating SSL factory and does not check the validity of the certificate or the hostname whereas verify-full will validate that the certificate is correct and verify the host connected to has the same hostname as the certificate. Please check Connecting to Database for reference.

<url>jdbc:postgresql://jiradbURL:5432/jiradb?sslmode=require</url>

<url>jdbc:postgresql://jiradbURL:5432/jiradb?sslmode=prefer</url>

<url>jdbc:postgresql://jiradbURL:5432/jiradb?sslmode=allow</url>

Unable to connect to database with SSL enabled during Jira setup

Updated on April 2, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support