Certificate has expired
Recently my team started getting a “certificate has expired” error either when accessing the sidebar or settings panel, connected to our Jira Server and Bitbucket Server. We have a 2 year SSL certificate and the problem seems to have happened after the 1 year mark. We don’t have any issues accessing our Jira and Bitbucket instances with Chrome/Safari.
Code: Version: 1.45.1
Extension: 2.6.1
Jira: 8.6.1
Bitbucket: 6.8.0
MacOS 10.15.5
Comments (10)
-
-
Same thing here. Our Comodo cert (verified by the Sectigo Root Cert) is valid until mid-July 2021, so it wouldn’t even be expired if you subtracted a year.
This is our cert: https://crt.sh/?id=1587025417
-
FWIW, we replaced our root bundle and things are working just fine again. Apparently it works without replacement for browsers but basically any other method of connection (ssl libs, curl) is going to have a bad time.
-
I’m trying to narrow down which library might be causing this issue, for anyone that’s still having the problem, are you using the “Use Custom SSL Settings” option in the Atlassian VSCode configuration?
-
reporter No we don’t use that option, it looks like our issue is same as above and affects other non-browser connections for us
-
- changed status to open
-
@Nick Rundquist we are not using any custom SSL Settings, just the defaults if you are still investigating this. We, generally speaking are having Jira connectivity issues from anything other than a web browser and newer clients. It’s unlikely there is anything wrong with the atlascode methods of connecting perse except that they don’t follow newer cert validation chains. I think our final resolution will be changing the cert on our Jira application which should get the expired cert from Sectigo out of the chain.
FWIW, we’ve tried updating our root certs on JIRA, but that has not been successful to this point.
-
I haven’t had time to look in to this too deeply but right now it looks like a library included by the version of Node.js included with VS Code might not be behaving correctly. I’m not sure there’s much we’ll be able to do on our end to fix the problem so if you’re able to update your certs that’s probably the way to go.
-
If it helps, it’s fairly simple to replace your certificate bundle on the Jira instance:
- Download this https://crt.sh/?id=1720081 as UserRoot.pem
- Download this https://crt.sh/?id=1199354 as SectigoRoot.pem
Then take your certificate and glom them all together:
cat MYCERT.pem SectigoRoot.pem UserRoot.pem > MYCERT.bundle
Then upload and replace in your proxy or Jira application.
You can verify the setup here: https://www.ssllabs.com/ssltest/index.html
-
- changed status to resolved
- Log in to comment
We are having this issue as well. We’ve been able to trace it as far as having an issue with Secitgo Root Cert:
https://access.redhat.com/articles/5117881