KB483819: Using the Jira Cloud connector on IBM WebSphere results in a certificate chaining error


Jianglong Ma

Software Engineer, Principal • MicroStrategy


This article explains why using the Jira Cloud connector on IBM WebSphere may result in a certificate chaining error and provides a solution. If the solution does not resolve the error, please contact IBM WebSphere support.

Description 


While using the Jira Cloud connector on IBM WebSphere, an error appears when loading data and the data fails to load.
Using Dev Tools on Google Chrome, the following error appears in the network panel:

com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: \n\tjava.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: \n\tjava.security.cert.CertPathValidatorException: Certificate chaining error

Why is this happening?


An intermediate certificate for Jira Cloud is not in IBM WebSphere's JVM trust store. IBM WebSphere requires all the chaining certificates, including intermediate certificates, be in the trust store. Not having these certificates in the trust store causes the certificate validation to fail.
Below is the certificate chain of Jira Cloud. The certificate used by Jira Cloud is not issued directly by a root CA. Instead, there is an intermediate certificate.

[Image: Jira Cloud certificate chain]

Solution


This is an IBM-specific problem. As such, the following solution may not apply to all customer environments using IBM WebSphere.
If the following steps do not resolve the error, consult IBM WebSphere support.

  • Log in to your IBM WebSphere account.
  • Under Security, select SSL certificate and key management.
  • Click Key stores and certificates. 
  • Click NodeDefaultTrustStore.
  • Under Additional Properties, click Signer certificates.
  • Click Retrieve from port to add a certificate. 
  • Enter the necessary information under General Properties.
    • Host: Enter the Jira project path.
    • Port: 443
    • Alias: Enter an alias of your choice. 
  • Click Retrieve signer information to test.
  • Click Save.
  • Restart the server.
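
To confirm which signer is missing before or after applying the steps above, the following added example (not part of the original article or of IBM's or Strategy's tooling) compares the issuers in the chain a server presents with the subjects in a trust store listing. The two text samples are constructed in the formats of `openssl s_client -showcerts` and `keytool -list -v`; the leaf and intermediate names are hypothetical placeholders, and the comparison is by name only, with no signature verification.

```python
import re

# Constructed sample of the summary lines printed by `openssl s_client -showcerts`.
# Leaf and intermediate names are placeholders; the root DN is the one in the error above.
PRESENTED = """\
Certificate chain
 0 s:C = US, O = Example Corp, CN = jira.example.invalid
   i:C = US, O = Example CA Inc, CN = Example Intermediate CA
 1 s:C = US, O = Example CA Inc, CN = Example Intermediate CA
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
"""

# Constructed sample of `keytool -list -v` output for a trust store holding only the root.
TRUSTSTORE = """\
Alias name: root
Owner: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
"""

def normalize_dn(dn):
    """Order- and spacing-insensitive DN key (openssl and keytool print RDNs in
    opposite order). Simplification: assumes no commas inside attribute values."""
    pairs = (rdn.partition("=") for rdn in dn.split(",") if "=" in rdn)
    return frozenset((k.strip().upper(), v.strip().lower()) for k, _, v in pairs)

def presented_issuers(s_client_text):
    """Issuer DNs from the 'i:' lines, in chain order, without duplicates."""
    issuers = []
    for line in s_client_text.splitlines():
        m = re.match(r"\s*i:(.+)", line)
        if m and m.group(1).strip() not in issuers:
            issuers.append(m.group(1).strip())
    return issuers

def truststore_owners(keytool_text):
    """Normalized subject DNs from the 'Owner:' lines of keytool output."""
    return {normalize_dn(l.split(":", 1)[1]) for l in keytool_text.splitlines()
            if l.startswith("Owner:")}

def missing_signers(s_client_text, keytool_text):
    """Signers named in the presented chain that have no entry in the trust store."""
    owners = truststore_owners(keytool_text)
    return [dn for dn in presented_issuers(s_client_text)
            if normalize_dn(dn) not in owners]

if __name__ == "__main__":
    for dn in missing_signers(PRESENTED, TRUSTSTORE):
        print("not in trust store:", dn)
```

An empty result after the restart indicates that every signer named in the presented chain has a matching entry in the trust store listing.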

Details

Knowledge Article

Published: November 26, 2019

Last Updated: November 26, 2019