Jira is not as good at SSL encryption/decryption as Proxies are, so there will be enough of a performance hit for users to notice. To be clear, I will go over the method for setting up Jira to serve SSL translation itself, but this is not the recommended method. These programs are called Proxies and are just specially configured Web Servers. There are two options here: Plug the information directly into Jira and have it handle SSL, or use a program to sit in between Jira and the Users to handle SSL translation for Jira. So, you have all these files, and now you need to set them up to be used in Jira.

Installing your Certificate directly to the Jira Service

In your configuration, you will specify the Certificates between you and the Root Certificate, and these are provided by your CA when you purchase your Certificate. This is where the Chain Certificates come in. But, it is your server’s responsibility to provide all the intermediary certificates that connect your Cert up to the Root Certificate. The two most popular ways I’ve seen this done are a) providing some challenge string you have to add to your Domain’s DNS as a TXT record or b) answering some response sent to the admin email at that domain.

But how do you trust that Certificate Authority? Well, you go up a chain until you get to the Root Certificate – which is the highest authority whose recognition is built in to modern browsers. There are several schemes to do this – but it usually comes down to you proving you own the domain one way or another. This is done because your Certificate will be signed by a Certificate Authority who says they have confirmed you are who you say you are. Their solution: Have someone you trust to vouch for them. How does your Browser know the Certificate a site is using is who they claim to be? This question was the principal problem they were trying to solve when Netscape first dreamed up HTTPS.
This Certificate is usually a single file unto itself and will be called out specifically in your configuration. The Certificate is the public key in your key pair – and is what browsers will use to encrypt and decrypt data coming from your system. After you generate your request, you won’t need it again, but it is a critical part of the process. This file is generated at the same time as your key and will be what you use to communicate the details of your certificate request to the certificate authority. It is the only file that can decrypt requests sent to your server, and if hackers get it, they can pretend to be you. This key is the file you need to keep secure to maintain security. Most certificate authorities will have guides to generate these different files (and if they don’t, I won’t give them my money), so I won’t go into detail about getting them.

Different files associated with the Certificate

Before we get too far down the rabbit hole, let’s take a moment to talk about the different files that you will need as you generate and install your Certificate. Instead, I will be talking about the practicalities of setting up your Jira instance to use SSL Certs. Today I won’t go into how HTTPS works in any detail – if you want to know that, I recommend this article by Cloudflare. By doing so, you will deny anyone sitting between you and the Jira Server access to read whatever you are sending back and forth (see aforementioned passwords and company secrets). This is likely fine for a test instance you only need for a few days, but if you are setting this up for Production use, you should be accessing Jira via the encrypted HTTPS protocol. Simply put, they never imagined a situation where you would be using this tool to send passwords, company secrets, and banking information across the network.

By default, Jira is configured to use the unencrypted HTTP protocol out of the box.
Considering the HTTP protocol was initially designed to share research materials across the early network, this does make sense. So, in the early internet, they prioritized access over security. That being said, this is important…and more importantly, it’s the only thing on my backlog that looks interesting today! So let’s dig into setting up Jira to be accessed securely by assigning it an SSL Certificate. This topic can be a bit of a rabbit hole and one that I’m wary of. It’s not that I don’t believe in having a certificate on your service – quite the opposite. Well, I’ve been avoiding this topic for a while.