Problem

After updating Java, crowd no longer synchronised with Confluence and Jira.

The following appears in the atlassian-confluence.log or atlassian-jira.log

2015-07-21 14:03:17,348 ERROR [scheduler_Worker-3] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 294914 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: xxxx.xxxxxx.xx:xxx; nested exception is javax.naming.CommunicationException: xxxx.xxxxxx.xx:xxx [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address xxx.xxx.xx.xx found]

Diagnosis

Environment

• Java version: 1.7.0_45 and  1.8.0_51 ( There might be other java version that are affected)

Cause

If the instance is using SSL, you will need to explicitly state the IP address in the certificate. For more information you may read this blog.

Workaround

• Add the following parameter in Setenv,sh. Make sure Secure SSL is ticked.

  -Djdk.tls.trustNameService=true

Resolution

• If you'd like to connect via using IP as hostname, your certificate should include that ip value as a subject alternative name value (of type IPAddress : key=7).

• If you'd like to connect via using DNS as hostname, your certificate should either include that DNS name as a subject alternative name value (of type DNS : key=2) or as a CommonName(CN) value.