Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-61567

Allow JIRA to use two-way SSL with mandatory client certificate

XMLWordPrintable

    • 7
    • 14
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Problem Definition

      Currently JIRA is not able to send a client certificate in two-way SSL configuration.
      The reason for this feature is in JIRA 7, to improve gadget load performance JIRA needs to be able to connect back to its own URL.
      If the URL points to a reverse proxy that has two-way SSL enforced, e.g. possibly via Apache HTTP Server's SSLVerifyClient, then JIRA would need to be able to present a client certificate to the proxy. This fails and a "handshake_failure" is thrown.

      Suggested Solution

      Allow JIRA to send a client certificate when requested.

      Workaround

      Configure Apache HTTP to not ask for client certs from JIRA host, e.g. similar to question below:
      http://serverfault.com/questions/411858/allowing-users-in-from-an-ip-address-without-certificate-client-authentication

            Unassigned Unassigned
            dleng Daniel Leng (Inactive)
            Votes:
            36 Vote for this issue
            Watchers:
            34 Start watching this issue

              Created:
              Updated: