If you are hosting a local instance of JIRA and have a self-signed cert than you will need to perform the following steps. This is necessary because Java won't trust this endpoint without providing the certificates to it.
In the 2nd link Jira provides a download link towards a file named SSLPoke.class. This is a helpful tool for diagnosing the issue. If you download it and copy it over to your VM you can run it by opening up the terminal or command prompt, changing directory to where SSLPoke.class is located, and executing the following command:
java SSLPoke example.atlassian.net 443
You will likely see the following from executing the SSLPoke or through the Repeater Agent.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Jira provides some documentation on how to address this issue, however we have a slightly different recommendation. You can follow the following steps listed here. This assumes you have java installed on the system already.
This is a 3 step process of:
java -jar InstallCert.jar example.atlassian.net
This will open a connection to the endpoint specified and will throw an SSLException if it cannot currently connect, which is expected. It will then say “Server sent 2 certificate(s)” - this may be 1-3 certificates.
Once this is complete you will have a new keystore located at the directory you are currently in. This is the file named jssecacerts. i.e. we have a new keystore file now and we just need to swap it in so Java can utilize it.
Following this you can re-test it with the SSLPoke from Jira or restart the Repeater Agent.
If at any point Java or the keytool asks for the certificate password, the default password is generally “changeit”.