Confluence Unable to Make Connection to Atlassian MarketPlace
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Confluence Marketplace is stopped getting connected when Keystore file ( Cacerts ) KetstoreType got changed to PKCS12 from JKS.
Follow Error Message appears in Confluence Manage App page:
And following appears in the atlassian-confluence.log
2020-06-30 09:25:10,686 WARN [https-jsse-nio2-8443-exec-7] [atlassian.upm.pac.PacClientImpl] fetchMpacAppInfo Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Diagnosis
Environment
This issue comes when Confluence Java Keystore file KeystoreType got changed to PKCS12 from default JKS.
Steps to reproduce the Issue
- First, check that, if you are able to connect the Market Place from the Confluence UI.
Then checked, what is cacerts KeystoreType. For checking, use below Command and check the first line of the result.
keytool -list -v -keystore <cacerts file Path> -storepass <cacerts file Password>
The result should be like below:
Keystore type: JKS Keystore provider: SUN
Now stop the Confluence and Change the KeystoreType from JKS to pkcs12 for Cacerts. use, below Command:
keytool -importkeystore -srckeystore <cacerts file path> -destkeystore <cacerts file path> -deststoretype PKCS12
- After that, Start the Confluence and check the Manage App Page and atlassian-confluence.log. Now, you will start getting the error "the trustAnchors parameter must be non-empty" and you will see that MarketPlace is not connecting from the UI as well.
Then, Again I stop confluence and Change the KeystoreType to JKS and start the confluence.
keytool -importkeystore -srckeystore <cacerts file path> -destkeystore <cacerts file path> -deststoretype JKS
- After changing the KeystoreType to JKS, Confluence able to make the connection to MarketPlace without any error,
Cause
Confluence server will not make MarketPlace connection with Java Keystore File has PKCS12 KeystoreType.
Resolution
The first Check what is the KeyStoreType for the Cacerts, please execute below command and check the first line from the output:
<KeyTool Path> -list -v -keystore <cacerts Path> -storepass <Keystore Password>
If KeystoreType is PKCS12, please change it to the JKS using below Command but please make a copy of cacerts file first. However, below command create one backup of Cacerts but you also keep one with you:
<KeyTool Path> -importkeystore -srckeystore <cacerts Path> -destkeystore <cacerts Path> -deststoretype JKS
Now, restart the Confluence and check the Market Place Connection.