-
Suggestion
-
Resolution: Invalid
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
Problem Definition
Currently JIRA is not able to send a client certificate in two-way SSL configuration.
The reason for this feature is in JIRA 7, to improve gadget load performance JIRA needs to be able to connect back to its own URL.
If the URL points to a reverse proxy that has two-way SSL enforced, e.g. possibly via Apache HTTP Server's SSLVerifyClient, then JIRA would need to be able to present a client certificate to the proxy. This fails and a "handshake_failure" is thrown.
Suggested Solution
Allow JIRA to send a client certificate when requested.
Workaround
Configure Apache HTTP to not ask for client certs from JIRA host, e.g. similar to question below:
http://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication
- is related to
-
JRASERVER-61567 Allow JIRA to use two-way SSL with mandatory client certificate
- Gathering Interest