Can SSL certificate for JIRA expire?

First Last July 6, 2015

Hi all,

Our AD users lost access to JIRA. It happened just abruptly.

Because we a had a working connection JIRA <-> AD.

Long ago we tuned such integration through our home made certificate using "./keytool -import" and it worked.

Yesterday I found out that "ldap.secure" parameter set to "true" I changed it to "false", restarted JIRA but still no access for AD users. 


Log:

Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: <server name>; nested exception is javax.naming.CommunicationException: <server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] 

So can SSL certificate expire?

And what else can be done to fix it?

Thank you. 

2 answers

1 accepted

1 vote
Answer accepted
Manse Wolken
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 6, 2015

Yes, SSL certificates expire.

You need to create a new one and import it to Jira, just as you did with the old one. 

Dave C
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 6, 2015

Also the certificates are stored in the trust store, which is typically cacerts located in a subdirectory the Java home directory. If you make any changes to Java, such as upgrading it, this can overwrite that trust store and you need to re-import the certs.

Sergey Svishchev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 6, 2015

Better yet, import the CA certificate(s) that sign the LDAP server's certificate.

0 votes
First Last July 7, 2015

Thank you all, chaps

A newly generated certificate sorted that out. 

Suggest an answer

Log in or Sign up to answer