Jira 11 doesn't include SSLHostConfig parameters by default in server.xml

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 11.0.0, 11.3.3
    • Component/s: Tomcat
    • None
    • 11
    • Severity 3 - Minor

      Issue Summary

      Jira 11 doesn't include the SSLHostconfig parameters by default in server.xml file as per the latest changes with Tomcat 10.

      Even when server.xml is generated from config.sh, Jira still uses the deprecated SSL attributes (keystoreFile, keystorePass, keystoreType, keyAlias, sslProtocol) directly on the connector, which Tomcat 10.1 no longer supports.

      Steps to Reproduce

      1. Install a Jira version prior to 11.x
      1. Run Jira over HTTPS as per Running Confluence over SSL/HTTPS
      1. Upgrade Jira to version 11.x

      Expected Results

      Jira should come up after once upgrade is completed.

      Actual Results

      Jira 11 fails to start and in the application logs we see below error. This indicates that server.xml configuration for the HTTPS connector is missing or incorrectly configured an SSLHostConfig element.

      Even when server.xml is generated using config.sh script, the server.xml generated as per old Tomcat 8/9 SSL attributes.
      The below exception is thrown in the atlassian.jira.log file:
       

      java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-jsse-nio-8443] at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:84)

      Workaround

      1. Stop Jira.
      1. Back up server.xml.
      1. Edit server.xml to replace the existing HTTPS connector with something like this:

      (Please replace ******** with your actual keystore password)

      <Connector port="8443"           
protocol="org.apache.coyote.http11.Http11NioProtocol"           maxHttpHeaderSize="8192"           
connectionTimeout="20000"           
maxThreads="150"           
minSpareThreads="25"           
maxSpareThreads="75"           
acceptCount="100"           
enableLookups="false"           
disableUploadTimeout="true"           
scheme="https"           
secure="true"           
SSLEnabled="true"           
useBodyEncodingForURI="true"           
relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;">  
  
<!-- Default SSL configuration for this connector -->    

<SSLHostConfig hostName="_default_"                   
sslProtocol="TLS"                   
certificateVerification="none">        
<Certificate            
type="RSA"            
certificateKeyAlias="te-c68ae431-9c70-4962-8ff2-57c1448c65bd"            certificateKeystoreFile="/home/jira/fiau-2025.pfx"            certificateKeystorePassword="********"            
certificateKeystoreType="JKS" />            
<!-- If /home/jira/fiau-2025.pfx is actually PKCS12, use:              certificateKeystoreType="PKCS12" -->    
</SSLHostConfig>
</Connector>

              Assignee:
              Unassigned
              Reporter:
              Saima Ali Sayyed
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: