Jira fails to startup with MySQL 8 due to "Public Key Retrieval is not allowed"
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When starting up Jira, you encounter the following warning.
Reviewing the atlassian-jira.log we can see that the startup fails due to Jira not being allowed to retrieve the database public key.
atlassian-jira.log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
2024-03-13 17:47:05,013-0500 JIRA-Bootstrap ERROR [c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your database:
java.sql.SQLNonTransientConnectionException: Public Key Retrieval is not allowed
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:111)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:815)
at com.mysql.cj.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:438)
at com.mysql.cj.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:241)
at com.mysql.cj.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:189)
at java.sql/java.sql.DriverManager.getConnection(Unknown Source)
at java.sql/java.sql.DriverManager.getConnection(Unknown Source)
...
Caused by: com.mysql.cj.exceptions.UnableToConnectException: Public Key Retrieval is not allowed
...
at com.mysql.cj.exceptions.ExceptionFactory.createException(ExceptionFactory.java:61)
at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:131)
at com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin.nextAuthenticationStep(CachingSha2PasswordPlugin.java:49)
at com.mysql.cj.protocol.a.NativeAuthenticationProvider.proceedHandshakeWithPluggableAuthentication(NativeAuthenticationProvider.java:446)
at com.mysql.cj.protocol.a.NativeAuthenticationProvider.connect(NativeAuthenticationProvider.java:215)
at com.mysql.cj.protocol.a.NativeProtocol.connect(NativeProtocol.java:1428)
at com.mysql.cj.NativeSession.connect(NativeSession.java:133)
at com.mysql.cj.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:935)
at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:805)
... 34 more
2024-03-13 17:47:05,168-0500 JIRA-Bootstrap ERROR [c.a.jira.health.HealthChecks] JIRA couldn't connect to your database
2024-03-13 17:47:05,168-0500 JIRA-Bootstrap ERROR [c.a.jira.health.HealthChecks] JIRA failed to establish a connection to your database.
This could be because:
- Your database isn't running
- The configuration of your dbconfig.xml file is incorrect (user, password, or database URL etc.)
- There is a network issue between JIRA and your database (e.g. firewall, database doesn't allow remote access etc.)Environment
Tomcat 9 & MySQL 8.
ℹ️ You can check the Tomcat version your Jira versions uses through:
Cause
This is a characteristic of Tomcat 9 when connecting to MySQL8 using the '{{useSSL=false}}' parameter. Even though it is set to false, Tomcat will still attempt to retrieve the database public key, resulting in this failure if it is not explicitly allowed to do so.
Solution
In order to resolve this problem we have two different options that can be used:
Remove the 'useSSL=false' parameter from the Jira database connection string.
Include the allowPublicKeyRetrieval parameter from your Jira database connection string. Resulting in 'allowPublicKeyRetrieval=true&useSSL=false'.
Was this helpful?