Updating Java version breaks email ,automation or other integrations

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When changing the Java version used by Jira some functionalities and integrations (for example SMTP connections , Webhooks , Dashboard access ) start to throw SSL exceptions.

Diagnosis

Jira will not be able to trust the destination when establishing an SSL connection and the following exception will be thrown in JIRA_HOME/log/atlassian-jira.log

Exception

1 2 3 4 5 6 sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:384) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:289) at java.base/sun.security.validator.Validator.validate(Validator.java:264) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) ....

Cause

  1. The truststore that contains the certificate previously, was overwritten with the upgraded Java version.

  2. JAVA_HOME (JDK) or JRE_HOME (JRE) directory has changed and now Jira is looking for the certificate in a different truststore.

Solution

The truststore file cacerts is located by default at $JAVA_HOME/jre/lib/security , It is possible to fix the issue using one of the following methods :

  1. If a backup of the disk drive was made before the update, it is possible to restore the old cacerts file and overwrite the new empty file generated by the Java installer.

  2. If the new JRE/JDK was installed in a new location, replace the new file by copying it from the old path.

  3. Re-import the public certificates again if no backup was made.

The restored file should have the same access rights as the rest of the JRE/JDK files

To see what JAVA_HOME Jira is using, you can :

  1. Go to Administration (

    (Auto-migrated image: description temporarily unavailable)

    ) >System > System info

  2. Look for java.home in System Properties section

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community