Jira Integration failed with unknown SSL error even though openssl works
### Summary

We self-host our JIRA and GitLab (Docker). We want to integrate the JIRA features in GitLab as described here: https://docs.gitlab.com/ee/user/project/integrations/jira.html

We entered a valid administrator account in the username / password fields. We entered a valid URL (https://jira.DOMAIN.int:8443). We looked for the right transition ID and entered it (71 in our case).

Error: Test failed. Save anyway.

**The integration_json.log shows: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)**

What have we done so far?

- Entered the correct host in /etc/hosts
- Downloaded the self-signed certificate with Chrome in 3 files (main certificate and 2 root certificates)
- Ran reconfigure in GitLab and saw in the output that all 3 files are recognized in Recipe: gitlab::add_trusted_certs
- Looked in /opt/gitlab/embedded/ssl/certs and saw 3 correct system links to the 3 files in /etc/gitlab/trusted-certs
- Ran OpenSSL from GitLab: Connected!

```
root@c9cab22e6481:/etc/gitlab# echo | /opt/gitlab/embedded/bin/openssl s_client -connect jira.xxx.int:8443
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
verify return:1
Certificate chain
 0 s:C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
   i:C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
Server certificate
subject=C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
issuer=C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 1345 bytes and written 419 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 5F0445083881A3E4B6DE86A7C1238D35F05BFBB914FD9F8E6F463C4CA87BFF03
    Session-ID-ctx:
    Master-Key: 5CF9A153121058D6E1D9D3D0D63F8A17BB813ED22464FFA8A35398F8069D34580359299E6EA80E08413D9B2524714B7C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1594115336
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
DONE
```

- Ran `openssl x509 -in /etc/gitlab/trusted-certs/certificat.cer -text -noout`

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1398667574 (0x535df936)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
        Validity
            Not Before: Jul 23 10:54:54 2018 GMT
            Not After : Aug 31 10:54:54 2022 GMT
        Subject: C = DE, ST = RLP, L = KO, O = xxx AG, OU = GOE, CN = JIRA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:24:48:1E:5B:D7:CA:9F:82:0D:1E:52:08:DC:30:AD:A9:A8:23:C9
    Signature Algorithm: sha256WithRSAEncryption
```

- Flushed the trusted-certs directory hash with `rm /var/opt/gitlab/trusted-certs-directory-hash`

### Steps to reproduce

See Summary

### Example Project

Self-hosted, can't do an example

### What is the current *bug* behavior?

"Test failed" in the GUI. Error in the integration_json.log:

```
{"severity":"ERROR","time":"2020-07-07T09:34:38.352Z","correlation_id":"XRqyN3nTWLa","service_class":"JiraService","project_id":16,"project_path":"vivavis-mgt/vivavis.platform.management","message":"Error sending message","client_url":"https://jira.DOMAIN.int:8443","error":"SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)"}
```

### What is the expected *correct* behavior?

Working as intended :) Save the form at least without error.

### Relevant logs and/or screenshots

Integrations_json.log:

```
{"severity":"ERROR","time":"2020-07-07T09:34:38.352Z","correlation_id":"XRqyN3nTWLa","service_class":"JiraService","project_id":16,"project_path":"vivavis-mgt/vivavis.platform.management","message":"Error sending message","client_url":"https://jira:8443","error":"SSL_connect returned=1 errno=0 state=error: certificate verify failed (unspecified certificate verification error)"}
```

### Output of checks

(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)

#### Results of GitLab environment info

```
System information
System:
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 2.6.6p146
Gem Version: 2.7.10
Bundler Version:1.17.3
Rake Version: 12.3.3
Redis Version: 5.0.9
Git Version: 2.27.0
Sidekiq Version:5.2.7
Go Version: unknown
```

#### Results of GitLab application Check

```
Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 13.3.0 ? ... OK (13.3.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
11/1 ... yes
5/2 ... yes
8/3 ... yes
8/4 ... yes
8/5 ... yes
5/6 ... yes
5/7 ... yes
5/8 ... yes
12/9 ... yes
11/12 ... yes
11/13 ... yes
11/14 ... yes
5/15 ... yes
12/16 ... yes
13/19 ... yes
14/20 ... yes
8/21 ... yes
12/22 ... yes
17/24 ... yes
8/25 ... yes
Redis version >= 4.0.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.6)
Git version >= 2.22.0 ? ... yes (2.27.0)
Git user has default SSH configuration? ... yes
Active users: ... 6
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes
Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled)

Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished
```
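
The `openssl s_client` run in the report was started without `-verify_hostname`, so it only shows that the chain is trusted; an HTTPS client additionally compares the certificate's names with the host in the URL. The following is an added Ruby example (not part of the report and not GitLab's code) that runs both checks separately on a constructed self-signed certificate with the reported subject; the key, the helper names (`self_signed`, `chain_trusted?`, `names_host?`, `report`) and the SAN variant are assumptions for illustration.

```ruby
require "openssl"

# Constructed test data: subject copied from the report, key generated here.
SUBJECT = "/C=DE/ST=RLP/L=KO/O=xxx AG/OU=GOE/CN=JIRA"
HOST    = "jira.DOMAIN.int" # host part of the URL entered in GitLab
KEY     = OpenSSL::PKey::RSA.new(2048)

# Self-signed certificate carrying only a Subject Key Identifier, like the
# one dumped in the report; `san` optionally adds a subjectAltName.
def self_signed(subject, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash"))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# Check 1: chain building against a trust store that contains the
# certificate (the role /etc/gitlab/trusted-certs plays). No hostname involved.
def chain_trusted?(cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  store.verify(cert)
end

# Check 2: does the certificate name the host the client is connecting to?
def names_host?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

def report
  as_reported = self_signed(SUBJECT)                     # CN=JIRA, no SAN
  with_san    = self_signed(SUBJECT, san: "DNS:#{HOST}") # hypothetical reissue
  { chain_ok: chain_trusted?(as_reported),
    name_ok:  names_host?(as_reported, HOST),
    san_ok:   names_host?(with_san, HOST) }
end

p report if __FILE__ == $PROGRAM_NAME
```

Run with GitLab's embedded Ruby, the same two helpers can be pointed at the real file in /etc/gitlab/trusted-certs by loading it with `OpenSSL::X509::Certificate.new(File.read(path))`.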