Workflow triggers not working when behind a reverse proxy that serves multiple SSL certificates

Summary

The lack of SNI support in JIRA for remote events prevents workflow triggers from being created. The other features of Application Links, such as the Development Panel, work without issue.

JIRA bundles and older version of the atlassian-remote-event library which includes a version of httpclient that does not have SNI support. Version 2.0.2 of remote events includes SNI support and an updated version of httpclient.

Environment

• Reverse proxy serving multiple SSL certs

Steps to Reproduce

1. Setup JIRA and Bitbucket Server behind a reverse proxy that serves multiple SSL certificates
2. Connect JIRA to Bitbucket Server via AppLinks
3. Attempt to setup a workflow trigger, for example, to transition an issue when a pull request is created

Expected Results

Trigger is created successfully

Actual Results

Diagnostics for the trigger fail and JIRA reports that it is not able to communicate to Bitbucket Server.

• Enabling package to have debug on com.atlassian.event.remote.impl.diagnostics in order to see below logging

The below exception is thrown in the jira.log file:

2017-01-28 07:48:24,710 ajp-nio-8009-exec-10 DEBUG luis.guevara 468x445x1 ktche5 73.209.192.223 /rest/dev-status/1.0/trigger/diagnostics/pullrequests [c.a.e.r.impl.diagnostics.DefaultRemoteEventConsumerStatus] Unexpected exception querying 06aededb-4f45-3c9b-b094-69b8a3e69c21 at https://bitbucket.company.com/rest/remote-event-producer/1/capabilities
javax.net.ssl.SSLException: hostname in certificate didn't match: <bitbucket.company.com> != <some.other.server.company.com>

You may alternatively see the following exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Workaround

Bypass the reverse proxy and follow How to create an unproxied application link.