1 answer
- 210
Hi
Yes that is more or less our setup but no easy way I am afraid. We have a point tto point VPN running. We ended up having to add the respective cert to the trust store of the machine and needed to config the firewall. And the remote side had no other way than adding an exception and Nating the traffic directly to the Jira machine.
But although it took some time this was more than worth it.
Cheers
Max
If you want a more specific answer I can ask my Arch guy to give me 3-4 Bullets what needed to be done?
- Marijn Stapert
Hey Maximillian,
Thanks for the quick answer!
I was afraid of this, at the moment we're looking at different options for dealing with certificates.
If it's no hassle to you, I'd appreciative the list of bullet points. I'm not sure if we'd go down that road, but it could be a good indication whether it's worth pursuing.
Greets,.
Marijn
Add your comment...
Is there a way to easily configure this plugin for 2 way ssl between 2 server instances? We could try to make an whitelist entry in our proxy for this but this requires consent from multiple parties. We're also not 100% sure if this will actually work so it's not a preferred solution.
Marijn Stapert - what do you mean with '2 way ssl' ?
2 servers both requiring a certificate to communicate with, so if they want to communicate; both servers need to know each others identity
Alright - thanks for clarifying.
Exalate is deployed as an add-on on Jira Server, and is using the http configuration of Jira to exchange messages with the exalate on the other side. So I suspect that the 2 way ssl is enforced by the current configuration - something to be tested
In addition to this - because not all environments are enabled for such authentication, Exalate signs every message using a symmetric signature.
With this signature, the other end will know that the message is coming from the right source.
More about this is detailed in the Exalate Security and Architecture whitepaper