We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

    • 93
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Summary

      With MIG-1210 resolved, there are still cases where CMAs error when it cannot reach a particular endpoint described in IP addresses and domains for Atlassian cloud products.

      For customers that use custom java cacerts truststores, CMAs should be more proactive to detect problems and provide better error messages to the customer.

      There are various errors that appear when a CMA cannot access an endpoint.

      Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
      	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
      	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
      	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
      	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
      	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
      	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
      	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
      	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
      	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
      	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
      	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
      	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
      	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
      	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
      	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
      	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
      	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
      	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
      	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
      	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
      	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
      	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
      	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
      	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
      	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
      	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
      	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
      	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
      	at com.atlassian.migration.agent.media.impl.MediaAuthInterceptor.intercept(MediaAuthInterceptor.java:31)
      	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
      	at com.atlassian.migration.agent.service.impl.UserAgentInterceptor.intercept(UserAgentInterceptor.java:58)
      	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
      	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
      	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
      	at com.atlassian.migration.agent.okhttp.HttpService.callImpl(HttpService.java:157)
      	... 22 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
      	at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
      	at java.base/sun.security.validator.Validator.validate(Unknown Source)
      	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
      	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
      	... 56 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
      	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
      	at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
      	... 61 more
      

      Suggestion

      Complete additional network connectivity checks earlier in the migration process and present better error messages when failures occur.

      Workaround

      1. Make sure your Jira or Confluence instance has is allowed to reach the JCMA or CCMA endpoints as described in IP addresses and domains for Atlassian cloud products
      2. If you use custom Java cacerts files, make sure the following domain certificates are trusted:
        1. *.atlassian.com
        2. *.atlassian.net
        3. *.s3.amazonaws.com
        4. *.s3-us-west-2.amazonaws.com

            Loading...
            IMPORTANT: JAC is a Public system and anyone on the internet will be able to view the data in the created JAC tickets. Please don’t include Customer or Sensitive data in the JAC ticket.

              • 93
              • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

                Summary

                With MIG-1210 resolved, there are still cases where CMAs error when it cannot reach a particular endpoint described in IP addresses and domains for Atlassian cloud products.

                For customers that use custom java cacerts truststores, CMAs should be more proactive to detect problems and provide better error messages to the customer.

                There are various errors that appear when a CMA cannot access an endpoint.

                Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
                	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
                	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
                	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
                	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
                	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
                	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
                	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
                	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
                	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
                	at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
                	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
                	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
                	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
                	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
                	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
                	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
                	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
                	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
                	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
                	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
                	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
                	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
                	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
                	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
                	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
                	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
                	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                	at com.atlassian.migration.agent.media.impl.MediaAuthInterceptor.intercept(MediaAuthInterceptor.java:31)
                	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                	at com.atlassian.migration.agent.service.impl.UserAgentInterceptor.intercept(UserAgentInterceptor.java:58)
                	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
                	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
                	at com.atlassian.migration.agent.okhttp.HttpService.callImpl(HttpService.java:157)
                	... 22 more
                Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                	at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
                	at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
                	at java.base/sun.security.validator.Validator.validate(Unknown Source)
                	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
                	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
                	... 56 more
                Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
                	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
                	at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
                	... 61 more
                

                Suggestion

                Complete additional network connectivity checks earlier in the migration process and present better error messages when failures occur.

                Workaround

                1. Make sure your Jira or Confluence instance has is allowed to reach the JCMA or CCMA endpoints as described in IP addresses and domains for Atlassian cloud products
                2. If you use custom Java cacerts files, make sure the following domain certificates are trusted:
                  1. *.atlassian.com
                  2. *.atlassian.net
                  3. *.s3.amazonaws.com
                  4. *.s3-us-west-2.amazonaws.com

                        Unassigned Unassigned
                        6c05774b4db4 Carl Adolfson
                        Votes:
                        5 Vote for this issue
                        Watchers:
                        21 Start watching this issue

                          Created:
                          Updated:

                            Unassigned Unassigned
                            6c05774b4db4 Carl Adolfson
                            Votes:
                            5 Vote for this issue
                            Watchers:
                            21 Start watching this issue

                              Created:
                              Updated: