Details
-
Bug
-
Resolution: Won't Fix
-
Low
-
None
-
4.4.5, 5.2.11, 6.2, 6.2.1
-
4.04
-
Description
SSL support seems to be a big critical issues with JIRA that was ignored for quite some time.
SSL certificates are usually replaced once a year (average), and considering the number of system that JIRA has to interact with the number of certificates could easily go above 15 / jira instance.
Why? Just count few other instances to connect with: JIRA, Confluence, Bamboo, Crucible, SMTP servers, IMAP servers, ....
Now JIRA fails to validate even certificates that are recognized perfectly by all 5 major browsers, requiring admins to manually add the certificates to the truststore and to restart JIRA.
So, if you have a JIRA instance with ~15 certificates you would be required to restart JIRA ~15 times an year (every ~20 days) just to repair broken communication with other systems.
This is something unacceptable for a system that is supposed to be up 24x7.
There are at least two things that have to be fixed here:
- Accept any SSL certificates that are globally acceptable.
- Provide a way to install new certificated that does not require instance restart.
Ideally, SSL authentications from AppLinks windows, SMTP and IMAP/POP3 should prompt the user to accept a new certificates.
Attachments
Issue Links
- has a derivative of
-
JRASERVER-33226 Bundle the JIRA SSL Plugin by default and automatically prompt users to import certs that are missing
- Closed
- is related to
-
JRASERVER-33643 Import StartCom root certificates to Java's certificates store
- Closed
-
JRASERVER-34624 Include an option to define keystoreType when using JIRA configuration tool
- Gathering Interest