Sorry, the first instance I encountered was not clickable. Otherwise I would have included the logs in the original posts. In summary it is:
org.xwiki.rendering.macro.MacroExecutionException: Failed to retrieve JIRA data from [SERVER] for JQL [issueKey in (ISSUEKEY)]
at org.xwiki.contrib.jira.macro.internal.source.AbstractJIRADataSource.getXMLDocument(AbstractJIRADataSource.java:96)
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
...
… which should already have brought me to:
Since I have had to do this for the exact same reason a couple of times already, I should have remembered Thanks for the quick replies, with the certificate added to the truststore the connection works.
We are using the docker image and the keytool command in the linked resource needed some modifications (might be because of the Java version or because the guide was for Mac). Here is a quick writeup of the full procedure in case others need it:
-
Download the certificate (I use Firefox contrary to the guide) and transfer it to the docker host
-
Use docker cp
to copy the certificate to the docker container
-
Use docker exec
to open a shell in the container and run the keytool command for certificate import:
keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias AliasForYourCertificate -file /path/to/cert.pem
-
Use exit
to end the shell session in the container
-
Use docker cp
to copy the cacerts file from the container to the host - the location in the container was /opt/java/openjdk/lib/security/cacerts
in our case
-
Stop the container and start it with the modified cacerts file mounted