Hey, Taras!
This could be an issue on the JVM truststore, you should add the certificate in order to connect with it using the keystore. The PKIX error that we're facing means that the JVM doesn't trust the secure service that JIRA is trying to connect to it. This is because the public SSL certificate from the service was not imported to the JVM cacerts file (truststore).
I'd like to provide a brief explanation below of how the SSL works in JIRA. Basically, we have two areas of SSL that can sometimes be confusing:
- The Tomcat/Proxy certificate: this will be used to serve a secure connection to the client machines connecting to JIRA. This certificate is deployed on the proxy end or on the Tomcat server.xml file;
- The JAVA Virtual Machine (JVM) cacerts file: this is the JAVA truststore where we should import the public SSL certificate from a secure service that JIRA is trying to connect to it. That will allow the JVM to trust on the secure service and establish the connection without giving the PKIX error.
To add the certificate please follow the procedure below:
- In your JIRA instance, go to Administration > System > System Info;
- Search for {{java.home}} and take note of the JAVA path;
- Follow our Connecting to SSL services guide to import the public certificate on the $JAVA_PATH/lib/security/cacerts file;
- Restart JIRA so the changes can take place.
Kind regards,
Maurício Karas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.