I can't get my Jira Cloud App to installed

matti.kiviharju · November 17, 2017, 3:44pm

I can not get my Jira Cloud App to installed even I have a trusted SSL Certificate.

What to do?

alexter_pr · November 17, 2017, 4:14pm

Can you please describe your problem in depth? What errors do you get, are you using any official frameworks like atlassian-connect-express or atlassian-spring-boot, or something that you made yourself? Are you hosting locally or on server (your own, or something like heroku)

matti.kiviharju · November 17, 2017, 4:21pm

I get this error:

I just host my app on my VPS.

matti.kiviharju · November 18, 2017, 9:03am

Here is my JSON code on atlassian-connect.json

{
     "name": "i4ware - Timesheet and Gantt Chart for Jira",
     "description": "i4ware - Timesheet and Gantt Chart for Jira are a tool for make time tracking and project management.",
     "key": "com.i4ware.plugin.timesheet.timesheet",
     "links": {
         "self": "https://tagcfj.i4ware.fi/atlassian-connect.json"
     },
     "baseUrl": "https://tagcfj.i4ware.fi",
     "vendor": {
         "name": "i4ware Software",
         "url": "http://www.i4ware.fi"
     },
     "authentication": {
         "type": "jwt"
     },
     "lifecycle": {
        "installed": "/installed.php",
        "uninstalled": "/uninstalled.php",
        "enabled": "/enabled.php",
        "disabled": "/disabled.php"
   	 },
     "scopes": [
       "read",
       "write"
     ],
     "apiVersion": 1,
     "modules": {
         "generalPages": [
             {
                 "url": "/index.php",
                 "key": "gantt-timesheet-dashboard",
                 "location": "system.top.navigation.bar",
                 "name": {
                     "value": "Timesheets and Gantt Charts"
                 },
                 "conditions": [
                    {
                        "condition": "user_is_logged_in"
                    }
                ]
             }
         ]
     }
 }

matti.kiviharju · November 18, 2017, 9:24am

Here is my SSL Certificate:

david.pinn · November 19, 2017, 12:46pm

Firstly, I verified that I can get to your atlassian-connect.json end-point in my browser. No problem. The SSL certificate, issued by Comodo, is valid. I also check the /installed end-point; and that is fine too.

Then I found this question on the Atlassian Community website: Problem with installing add-on into cloud instance.... One of the respondents there reminded me that a Java HTTP client would use a different certificate chain, potentially, to that available in a browser. He pointed me to some Java code that could be run to check that.

I ran the recommended Java sample, and got this message:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

So it seems to be the case that the Marketplace, which would be accessing your add-on’s host server from within Java, isn’t able to validate the SSL certificate. The question is: what to do about that. There are a couple of things to try. You could try obtaining a free SSL certificate from https://letsencrypt.org/, just to see if that works. I know that the Marketplace accepts Let’s Encrypt certificates; we use one for our own add-on. Beyond that, you might try asking the Marketplace to give you the relevant section from the log files on the Atlassian side.

Warmly,
David

david.pinn · November 19, 2017, 1:13pm

I have more information. I ran your domain name over at SSL Labs, and it reported that the “server’s certificate chain is incomplete.” It appears that intermediate certificates (between your certificate and the Comodo CA certificate) are required in order to validate your certificate.

You could include those certificates one after the other in the same file with your own certificate; and that would complete the chain, I believe. Here’s a site that will help you do that: https://certificatechain.io.