Error authenticating with Jira: Error: unable to verify the first certificate
Issue #409
new
My organization has several self-hosted Jira and Bitbucket instances. All have “valid” certificates, that are signed by our proxy root certificate. The root certificates are in the Windows trusted root store. I’ve tried exporting the Jira site cert to a cer file and selecting the custom SSL option, but still get the same error listed above. I’ve also tried exporting all of the root certificates to a PFX file, but that also did not work. As it stands, I’m unable to use the extension with our Jira and Bitbucket servers. How do I connect this extension to our servers?
OS: Windows 10 1909
Visual Studio Code: 1.44.2
Atlassian Extension: 2.5.1
Comments (3)
-
Account Deactivated
-
reporter
Thanks Jonathan for the reply, but I'm still unsure how I can proceed. I’ll try to work with the admins of the servers, but I have to assume this is something that won’t get fixed. Do you have any tips on how to generate the required cert file(s) and which option to select when creating the connection? When viewing the site in web browsers, and viewing the certificate, the certificate chain is valid and all certs in the chain do show up to the root cert that our IT department has installed on our computers. I’m just not sure how to go about creating files in the format this tool will require.
Edit: Using the openssl command listed in your link, it looks like our server has 1 of 2 intermediate certificates included. Does this extension not consult the windows certificate store when validating certificates?
Edit 2: I’ve exported the missing intermediate cert as a DER encoded .cer file and included it using the “Use custom CA certificate(s) (e.g. a self-signed cert)” option, but that didn’t work. I then also exported our root certificate, and included it as a second file, but got the same error. Is there a particular file format I should export these as?
-
Account Deactivated
@Ryan Dunn Thanks for taking the time to debug this. The “Use Custom CA Certificate(s)” is the correct place to specify the absolute path of the certs.
The certs need to be .pem files. You can find instructions on how to convert your DER to a PEM here:
https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-themOur extension uses this library for adding the certs. Posting the link here for you in case it’s useful.
Let me know how it goes.
- Log in to comment
@Ryan Dunn It seems like your cert was created without the intermediate certs being bundled. I think your options are to either fix your server’s cert to include the intermediate certs, or to include the certs (custom ssl cert paths) when authenticating using our extension.
see this for more information: https://git.coolaj86.com/coolaj86/ssl-root-cas.js#user-content-unable-to-verify-the-first-certificate