Originally asked by Marijn Stapert on 27 October 2021 (original question)
Is there a way to easily configure this plugin for 2 way ssl between 2 server instances? We could try to make an whitelist entry in our proxy for this but this requires consent from multiple parties. We’re also not 100% sure if this will actually work so it’s not a preferred solution.
Comments:
Francis Martens (Exalate) commented on 27 October 2021
Marijn Stapert - what do you mean with ‘2 way ssl’ ?
Marijn Stapert commented on 28 October 2021
2 servers both requiring a certificate to communicate with, so if they want to communicate; both servers need to know each others identity
Francis Martens (Exalate) commented on 28 October 2021
Alright - thanks for clarifying.
Exalate is deployed as an add-on on Jira Server, and is using the http configuration of Jira to exchange messages with the exalate on the other side. So I suspect that the 2 way ssl is enforced by the current configuration - something to be tested
In addition to this - because not all environments are enabled for such authentication, Exalate signs every message using a symmetric signature.
With this signature, the other end will know that the message is coming from the right source.
More about this is detailed in the Exalate Security and Architecture whitepaper