Certificate has expired

Comments (10)

1. 

   Joshua Shannon

   We are having this issue as well. We’ve been able to trace it as far as having an issue with Secitgo Root Cert:

   https://access.redhat.com/articles/5117881

   • 2020-06-02T22:47:32+00:00
2. 

   Mike Joseph

   Same thing here. Our Comodo cert (verified by the Sectigo Root Cert) is valid until mid-July 2021, so it wouldn’t even be expired if you subtracted a year.

   This is our cert: https://crt.sh/?id=1587025417

   • 2020-06-03T15:57:01+00:00
3. 

   Mike Joseph

   FWIW, we replaced our root bundle and things are working just fine again. Apparently it works without replacement for browsers but basically any other method of connection (ssl libs, curl) is going to have a bad time.

   • 2020-06-03T20:51:32+00:00
4. 

   Nick Rundquist

   I’m trying to narrow down which library might be causing this issue, for anyone that’s still having the problem, are you using the “Use Custom SSL Settings” option in the Atlassian VSCode configuration?

   • 2020-06-03T21:02:01+00:00
5. 

   Jeffrey Rossiter reporter

   No we don’t use that option, it looks like our issue is same as above and affects other non-browser connections for us

   • 2020-06-03T21:30:40+00:00
6. 

   Nick Rundquist

   • changed status to open

   • 2020-06-03T21:44:40+00:00
7. 

   Joshua Shannon

   @Nick Rundquist we are not using any custom SSL Settings, just the defaults if you are still investigating this. We, generally speaking are having Jira connectivity issues from anything other than a web browser and newer clients. It’s unlikely there is anything wrong with the atlascode methods of connecting perse except that they don’t follow newer cert validation chains. I think our final resolution will be changing the cert on our Jira application which should get the expired cert from Sectigo out of the chain.

   FWIW, we’ve tried updating our root certs on JIRA, but that has not been successful to this point.

   • 2020-06-05T18:54:49+00:00
8. 

   Nick Rundquist

   I haven’t had time to look in to this too deeply but right now it looks like a library included by the version of Node.js included with VS Code might not be behaving correctly. I’m not sure there’s much we’ll be able to do on our end to fix the problem so if you’re able to update your certs that’s probably the way to go.

   • 2020-06-05T20:48:02+00:00
9. 

   Mike Joseph

   If it helps, it’s fairly simple to replace your certificate bundle on the Jira instance:

   • Download this https://crt.sh/?id=1720081 as UserRoot.pem
   • Download this https://crt.sh/?id=1199354 as SectigoRoot.pem

   Then take your certificate and glom them all together:

   cat MYCERT.pem SectigoRoot.pem UserRoot.pem > MYCERT.bundle
   

   Then upload and replace in your proxy or Jira application.

   You can verify the setup here: https://www.ssllabs.com/ssltest/index.html

   • 2020-06-05T21:02:18+00:00
10. 

    Nick Rundquist

    • changed status to resolved

    • 2020-11-02T23:17:54+00:00
11. Log in to comment