Jira server is not Reachable Due to Peer Not Authenticated
Refer to the steps below when using the plugin with Jira Server or Data Center instance with self signed certificate.
We recommend using Openssl that comes with git installation when running on Windows to not to risk by downloading 3rd party openssl implementaions
(in all commands below instead of jira.host.url
substitute your Jira server url)
Run cmd
as administrator on Windows
cd C:\Program Files\Git\usr\bin\
openssl s_client -connect jira.host.url:443 < NUL > c:\tempCert\jira.host.url.crt
After saving the certificates in Windows, edit them and delete everything before the "BEGIN CERTIFICATE" line and everything after the "END CERTIFICATE" line. This step is not required for Linux.
Java 9+
So with Java 9 (aka Java 1.9) or later, simply use
keytool -importcert -trustcacerts -cacerts -file c:\tempCert\jira.host.url.crt -alias jira.host.url
Earlier Java versions
With Java 8 (aka 1.8) or older, you must specify the keystore location like so
keytool -importcert -trustcacerts -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file c:\tempCert\jira.host.url.crt -alias jira.host.url
With Java 5 (aka 1.5) or older, the -importcert
option did not exist. It was called -import
, but otherwise it's identical. So use
keytool -import -trustcacerts "%JAVA_HOME%/jre/lib/security/cacerts" -file c:\tempCert\jira.host.url.crt -alias jira.host.url
The trust store is located in the following directories:
Windows/Linux:
%JAVA_HOME%/jre/lib/security/cacerts
Mac OS (not supported):
$JAVA_HOME/lib/security/cacerts
If keytool prompts for a password, the default is 'changeit'.