Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: System Administration - Others
Labels:
- affects-server
- ssl

UIS:
22
Support reference count:
14
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

Problem Definition

Currently JIRA is not able to send a client certificate in two-way SSL configuration.
The reason for this feature is in JIRA 7, to improve gadget load performance JIRA needs to be able to connect back to its own URL.
If the URL points to a reverse proxy that has two-way SSL enforced, e.g. possibly via Apache HTTP Server's SSLVerifyClient, then JIRA would need to be able to present a client certificate to the proxy. This fails and a "handshake_failure" is thrown.

Workaround

Configure Apache HTTP to not ask for client certs from JIRA host, e.g. similar to question below:
http://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication

Attachments

Issue Links

is superseded by

JRASERVER-64137 As an JIRA Administrator I want JIRA to do call to itself by internal call instead of remote network call

Gathering Interest

relates to

JRACLOUD-61567 Allow JIRA to use two-way SSL with mandatory client certificate

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Daniel Leng (Inactive)

Votes:: 36 Vote for this issue

Watchers:: 34 Start watching this issue

Dates

Created:: 20/Jun/2016 10:06 AM

Updated:: 4 days ago 2:09 AM