Problem
Logging in to JIRA is not working. JIRA is connected to LDAP.
Analysis
less /app/jira/jira/logs/catalina.out
[...]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[...]

less /app/jira/jira/bin/setenv.sh
[...]
# DO NOT remove the following line
JAVA_HOME="/app/jira/jira/jre/"; export JAVA_HOME
[...]

ls -lisah /app/jira/jira/jre/lib/security/
[...]
134994220 116K -rw-rw-r--. 1 jira myusers 113K Jun 28 2019 cacerts
[...]

keytool -list -v -keystore /app/jira/jira/jre/lib/security/cacerts
Enter keystore password: <Just hit RETURN>
[...] lots of certificates [...]

keytool -list -v -keystore /app/jira/jira/jre/lib/security/cacerts -alias ldap.services.mycompany
--> Shows LDAP Certificate Details
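Added example (not part of the original notes): a check that compares the SHA-256 fingerprint of the certificate the LDAP server presents with the entry stored under the alias in JIRA's trust store, so the mismatch is confirmed as the cause and the fingerprint can be verified with the LDAP administrators before it is trusted. Host, paths, alias and password are the ones used on this page; the function names and the script name check-ldap-cert.sh are assumptions.

```shell
#!/bin/sh
# Added example: compare the certificate the LDAP server presents with the
# one stored in JIRA's trust store, before deleting or importing anything.
# Host, keystore path, alias and password are the values used on this page.
HOST=ldap.services.mycompany:636
KEYSTORE=/app/jira/jira/jre/lib/security/cacerts
KEYTOOL=/app/jira/jira/jre/bin/keytool
ALIAS=ldap.services.mycompany
STOREPASS=changeit

# Read openssl or keytool output on stdin and print the first SHA-256
# fingerprint found, as 64 lowercase hex digits. Both tools print it as 32
# colon-separated bytes; SHA-1 and MD5 fingerprints are too short to match.
extract_sha256() {
    grep -oE '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' | head -n 1 |
        tr -d ':' | tr 'A-F' 'a-f'
}

# Compare two normalized fingerprints and print a verdict.
compare_fp() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "UNKNOWN: fingerprint missing"; return 2
    elif [ "$1" = "$2" ]; then
        echo "MATCH: trust store already holds the served certificate"; return 0
    else
        echo "MISMATCH: server presents a different certificate"; return 1
    fi
}

check_ldap_cert() {
    pem=$(mktemp) || return 2
    openssl s_client -connect "$HOST" < /dev/null 2> /dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$pem"
    # Subject, issuer and validity, for checking with the LDAP administrators.
    openssl x509 -in "$pem" -noout -subject -issuer -dates
    served=$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | extract_sha256)
    stored=$("$KEYTOOL" -list -v -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$ALIAS" 2> /dev/null | extract_sha256)
    rm -f "$pem"
    echo "served: $served"
    echo "stored: $stored"
    compare_fp "$served" "$stored"
}

# Runs only when called as: sh check-ldap-cert.sh check
if [ "${1:-}" = "check" ]; then check_ldap_cert; fi
```

A MISMATCH together with the PKIX error above means the server now presents a certificate the trust store does not hold; UNKNOWN means the alias is missing or the server could not be reached.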
Fix the Problem
Get the LDAP SSL certificate and put it into the keystore:
openssl s_client -connect ldap.services.mycompany:636 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ldap-sslcert.pem

/app/jira/jira/jre/bin/keytool -import -keystore /app/jira/jira/jre/lib/security/cacerts -file /tmp/ldap-sslcert.pem -alias ldap.services.mycompany
Enter keystore password: changeit
keytool error: java.lang.Exception: Certificate not imported, alias <ldap.services.mycompany> already exists

keytool -delete -keystore /app/jira/jira/jre/lib/security/cacerts -alias ldap.services.mycompany
Enter keystore password: changeit

/app/jira/jira/jre/bin/keytool -import -keystore /app/jira/jira/jre/lib/security/cacerts -file /tmp/ldap-sslcert.pem -alias ldap.services.mycompany
Enter keystore password: changeit
Trust this certificate? [no]: yes
Certificate was added to keystore
Restart Jira:
systemctl start jira
###########
## Restart of Jira takes very long, wait for 10 minutes
###########
Test
Go to the JIRA login page and log in.
It is working again.