- JIRA 7 Administration Cookbook(Second Edition)
- Patrick Li
- 349字
- 2021-07-16 10:48:07
Installing SSL certificates from other applications
You might need to connect JIRA to other services, such as LDAP, mail servers, and other websites. Often, these services make use of SSL. In such cases, the connection will fail, and you will see the following errors in your JIRA log file:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Getting ready
For this recipe, we will use the Java keytool utility, so make sure you have the following configuration set up:
- Obtain the SSL certificate from the target system.
- Ensure that the
JAVA_HOMEenvironment variable is set properly. - Make sure you know which JDK/JRE JIRA is using. You can find this information on the System Info page, where you need to look for the
java.homeproperty. - Make sure your JRE/JDK's bin directory is added to your PATH environment variable, and the
keytoolcommand will output its usage. - Obtain the password for the Java trust store used by JIRA.
How to do it...
In this recipe, let's assume we want to connect JIRA to an LDAP server that is running on SSL. Perform the following steps to make it a trusted site inside JIRA:
- Open up a command prompt and go to the directory where the certificate file resides.
- Import the certificate into the trust store by running the
keytool -import -alias tomcat -file file.cer JAVA_HOME\jre\lib\security\cacertscommand, wherefile.ceris the certificate file. - Restart JIRA to apply the changes.
How it works...
When JIRA attempts to connect to an SSL-protected service, it will first check whether the target service's certificate can be trusted. This is done by checking to see whether the certificate is present in what is called the trust store. If the certificate is not present, the connection will fail.
The trust store is typically a KeyStore repository called cacerts and is located in the $JAVA_HOME/lib/security directory on the server.
We used the keytool utility to import the certificate to our local trust store, so the target service will be registered as a trusted service and allow JIRA to successfully connect to it.
- GeoServer Cookbook
- Offer來(lái)了:Java面試核心知識(shí)點(diǎn)精講(原理篇)
- PyQt從入門到精通
- 秒懂設(shè)計(jì)模式
- Learning AndEngine
- C語(yǔ)言實(shí)驗(yàn)指導(dǎo)及習(xí)題解析
- Python面向?qū)ο缶幊蹋簶?gòu)建游戲和GUI
- Unreal Engine 4 Shaders and Effects Cookbook
- Building Android UIs with Custom Views
- SQL Server數(shù)據(jù)庫(kù)管理與開(kāi)發(fā)兵書(shū)
- Clean Code in C#
- Hands-On Robotics Programming with C++
- R的極客理想:量化投資篇
- Java EE實(shí)用教程
- 算法超簡(jiǎn)單:趣味游戲帶你輕松入門與實(shí)踐