Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-61567

Allow JIRA to use two-way SSL with mandatory client certificate

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Problem Definition

      Currently JIRA is not able to send a client certificate in two-way SSL configuration.
      The reason for this feature is in JIRA 7, to improve gadget load performance JIRA needs to be able to connect back to its own URL.
      If the URL points to a reverse proxy that has two-way SSL enforced, e.g. possibly via Apache HTTP Server's SSLVerifyClient, then JIRA would need to be able to present a client certificate to the proxy. This fails and a "handshake_failure" is thrown.

      Suggested Solution

      Allow JIRA to send a client certificate when requested.

      Workaround

      Configure Apache HTTP to not ask for client certs from JIRA host, e.g. similar to question below:
      http://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication

            Unassigned Unassigned
            dleng Daniel Leng (Inactive)
            Votes:
            3 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: