Allow JIRA to use two-way SSL with mandatory client certificate

XMLWordPrintable

    • 6
    • 52

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Problem Definition

      Currently JIRA is not able to send a client certificate in two-way SSL configuration.
      The reason for this feature is in JIRA 7, to improve gadget load performance JIRA needs to be able to connect back to its own URL.
      If the URL points to a reverse proxy that has two-way SSL enforced, e.g. possibly via Apache HTTP Server's SSLVerifyClient, then JIRA would need to be able to present a client certificate to the proxy. This fails and a "handshake_failure" is thrown.

      Suggested Solution

      Allow JIRA to send a client certificate when requested.

      Workaround

      Configure Apache HTTP to not ask for client certs from JIRA host, e.g. similar to question below:
      http://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication

            Assignee:
            Unassigned
            Reporter:
            Daniel Leng (Inactive)
            Votes:
            36 Vote for this issue
            Watchers:
            33 Start watching this issue

              Created:
              Updated: