If one or more of the applications and/or mail server is using SSL, you might come across the following error when trying to connect to that server:
If this happens, make sure that the public key of the server is imported into the application server's keystore. Following are the steps:
Obtain the server's public key: The public/private key pair will live somewhere on the server. If you have open SSL installed locally, the key can be retrieved with a command like:
- Cut and paste the certificate (including BEGIN and END lines) into a local file (eg. Jira.pem).
- Import the public key: To do this, you need to use the keytool program that comes with the Java platform used to run Tomcat & ConnectALL core service. For example:
- Restart ConnectALL and the Tomcat service.
Export SSL Certificate
Alternatively, you can open your application(Jira, ALM etc.) URL on your browser and export the SSL certificate using browser's export certificate wizard.
SSL import using ConnectALL GUI
You can import SSL certificates from the ConnectALL UI itself. The SSL Import wizard will help you to import certificates into the Java keystore. It automatically detects the JRE keystore used by Tomcat.
If ConnectALL core service is running on a different JRE than Tomcat, you can click the Edit checkbox to change the keystore path of JRE used by ConnectALL core service.
This error is due to the limitation in JDK. To resolve, follow the steps below:
- Download Bouncy Castle jars:
- Copy these jars to JAVA_HOME/jre/lib/ext
Add the following line into JAVA_HOME/jre/lib/security/java.security file,
Note: You need to rearrange the order of other security providers and keep BouncyCastleProvider in position 1.