Troubleshooting SSL

SSL issues in TFS4JIRA may be tricky to troubleshoot. This article aims to help support engineers with the initial problem assessment and potential solutions.

General network issues

• Is the customer able to access the Jira instance from the server where the Synchronizer is running?
• Is the Synchronizer server's clock set to UTC?
• Does the customer have any load balancers or proxies between the Synchronizer's server and Jira?
  • In case they do, they will need to add the LB/proxy IP address to the web.config file (just before the system.web tag):

    • <system.net>
          <defaultProxy useDefaultCredentials="true">
            <proxy
              proxyaddress="http://IP_ADDRESS_OF_YOUR_PROXY"
              bypassonlocal="true"
            />
          </defaultProxy>
      </system.net>

Intermediate certificates

Sometimes the problem is caused because the machine or VM where the Synchronizer is running is not trusting the corporate security certificate. Ask the customer whether there were any recent changes to the corporate certificate, and make sure they check the following article as well:

• Troubleshooting ASP.NET – The remote certificate is invalid according to the validation procedure

Strong encryption

The problem can also be caused if the server is configured to allow .NET applications to use ciphers different than TLS 1.2. The customer can update the registry file to force those applications to use TLS 1.2:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001