This page last changed on Oct 09, 2007 by jlargman.

The {rss}, {jiraissues} or {html-include} macros fail when retrieving data from SSL (https) servers

Confluence is deployed on Linux, and pages containing these macros fail to load, or load very slowly

If Confluence is deployed on Linux, and you experience time-outs or slow page loads when accessing pages that cuase SSL-protected resources to be loaded, it could be because Linux is not generating secure random numbers fast enough, and Java is blocking waiting for more to be generated. If this is the problem, apply the following fix:

  1. Edit $JAVA_HOME/jre/lib/security/java.security and change the property:
    securerandom.source=file:/dev/random
    to:
    securerandom.source=file:/dev/urandom
  2. Restart Confluence.

More information is available here: CONF-2848. (You could also install dedicated cryptographic hardware into your server that guarantees fast secure random number generation, but that might be overkill )

Confluence does not accept the authority of the server's signing certificate

If Confluence is displaying or logging errors related to not being able to verify the certificate of an SSL/https server, then it may be that the SSL server certificates are not signed by an authority recognised by Confluence's Java environment. In this event you will need to add the signing authority of the server's SSL certificate to Java's store of trusted signers. You can find further instructions here:

  1. Retrieving the Certification Path of an SSL Server
  2. Adding a Certificate to a Key Store

Troubleshooting this issue

A sample stacktrace from a thread dump will look like this:

"Thread-3693" daemon prio=1 tid=0x081943b8 nid=0x618d runnable [0x94a7e000..0x94a7ef60]
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(SocketInputStream.java:129)
	at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
	at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)
	- locked <0xbb360dc8> (a java.lang.Object)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:680)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
	- locked <0xbb360e80> (a com.sun.net.ssl.internal.ssl.AppInputStream)
	at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
	at java.io.BufferedInputStream.read1(BufferedInputStream.java:256)
	at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
	- locked <0xbb360e98> (a java.io.BufferedInputStream)
	at com.sun.jndi.ldap.Connection.run(Connection.java:784)
	at java.lang.Thread.run(Thread.java:595)
Document generated by Confluence on Dec 03, 2008 15:18