Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-61567

Allow JIRA to use two-way SSL with mandatory client certificate

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Problem Definition

      Currently JIRA is not able to send a client certificate in two-way SSL configuration.
      The reason for this feature is in JIRA 7, to improve gadget load performance JIRA needs to be able to connect back to its own URL.
      If the URL points to a reverse proxy that has two-way SSL enforced, e.g. possibly via Apache HTTP Server's SSLVerifyClient, then JIRA would need to be able to present a client certificate to the proxy. This fails and a "handshake_failure" is thrown.

      Suggested Solution

      Allow JIRA to send a client certificate when requested.

      Workaround

      Configure Apache HTTP to not ask for client certs from JIRA host, e.g. similar to question below:
      http://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-61567 Allow JIRA to use two-way SSL with mandatory client certificate

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              dleng Daniel Leng (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: