JIRA applinks fail if SSL certificate uses Subject Alternative Name (SAN)


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 7.13.4, 8.5.2
    • Component/s: Application Links
    • 7.13
    • 11
    • Severity 3 - Minor
    • 0

      Issue Summary

      Attempting to create an application link from JIRA to another application fails if that application runs over HTTPS with an SSL certificate whose Subject Alternative Name (SAN) is of a type other than DNS name, e.g. rfc822Name. JIRA 7.13 to 8.5 uses Apache HttpClient 4.5.5, which is affected by https://issues.apache.org/jira/browse/HTTPCLIENT-1906

      Steps to Reproduce

      1. Configure JIRA and Confluence to run over HTTPS with an SSL certificate containing the Subject Alternative Name entry RFC822Name=SysIngSUN@example.com
      2. Ensure Confluence's certificate is accepted by SSLPoke on the JIRA side
      3. From JIRA, create an application link to Confluence

      Expected Results

      The application link creation is successful on both sides.
      JIRA is able to load gadgets.

      Actual Results

      The application link creation fails on the JIRA side.

      The following exception is thrown in the xxxxxxx.log file:

      javax.net.ssl.SSLPeerUnverifiedException: Certificate for <confluence.example.com> doesn't match any of the subject alternative names: [SysIngSUN@example.com]
      

      Workaround

      Use a certificate without a SAN at all, or one with a correct DNS name entry.
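
A pre-flight check for the condition described in this ticket, as an added example that is not Atlassian's or Apache HttpClient's code: it takes SAN entries in the shape `X509Certificate.getSubjectAlternativeNames()` returns and reports whether the certificate has the matching dNSName entry the workaround calls for. `SanPreflight`, `san`, `classify` and `matches` are hypothetical names, the sample entries are constructed from the reproduction steps, and only DNS hostnames (not IP literals) are handled.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class SanPreflight {
    // GeneralName type tags used by X509Certificate.getSubjectAlternativeNames()
    static final int RFC822_NAME = 1;
    static final int DNS_NAME = 2;

    // Hypothetical helper: one SAN entry in the [Integer type, String value] shape.
    static List<?> san(int type, String value) {
        return Arrays.<Object>asList(type, value);
    }

    // Classifies a certificate's SAN entries for the host the application link targets.
    static String classify(Collection<List<?>> sans, String host) {
        if (sans == null || sans.isEmpty()) {
            return "OK: no SAN at all (first workaround option)";
        }
        boolean sawDnsName = false;
        for (List<?> entry : sans) {
            if (((Integer) entry.get(0)).intValue() != DNS_NAME) continue;
            sawDnsName = true;
            if (matches(host, (String) entry.get(1))) {
                return "OK: dNSName entry matches " + host;
            }
        }
        return sawDnsName
            ? "FAIL: dNSName entries present, none matches " + host
            : "FAIL: SAN present without any dNSName entry (the case in this ticket)";
    }

    // Exact match, or a wildcard covering exactly the leftmost label.
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT);
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1));
    }

    public static void main(String[] args) {
        String host = "confluence.example.com";
        // Constructed samples; the first mirrors the certificate from the reproduction steps.
        List<List<?>> ticket = Arrays.asList(san(RFC822_NAME, "SysIngSUN@example.com"));
        List<List<?>> fixed = Arrays.asList(san(DNS_NAME, "confluence.example.com"));
        System.out.println(classify(ticket, host));
        System.out.println(classify(fixed, host));
        System.out.println(classify(null, host));
    }
}
```

To check a live endpoint, pass the result of `getSubjectAlternativeNames()` from the server certificate to `classify` in place of the constructed lists.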

            Assignee:
            Unassigned
            Reporter:
            Anna Cardino (Inactive)
            Votes:
            2
            Watchers:
            5