OWASP/glue

Problem with JIRA reporter in the internal corporate network

plech-sec opened this issue · 6 comments

What?
When attempting to connect to JIRA and report security bugs, an error message appears:

SSL_connect returned=1 errno=0 state=error: certificate verify failed

JIRA runs in the enterprise network, and the certificate is signed by an internal corporate CA.
RootCA + InterCA were added to the docker container, but still "certificate verify failed".

I checked on JIRA Cloud - everything works correctly.

In the certificate:
CN (commonName) = jira.company.com, but SAN (DNS Name) = *.company.com

Perhaps it is a problem?

Can you run something like curl https://jira.company.com inside the docker image?

@omerlh
JIRA works behind the TLS terminator.
If I use wget to test the connection inside the docker container, the TLS terminator responds correctly.

Maybe it doesn't work because the connection is via the TLS terminator rather than directly to the JIRA service?

So you're saying that if you access it with wget it works? Can you share the command please?

I apologize for the late reply.
But I have a question, does GLUE use jira-ruby (glue/lib/glue/reporters/jira_reporter.rb) as a task reporter for jira?
Does Jira-ruby correctly verify wildcard certificates?
I suspect Jira-ruby incorrectly verifies wildcard certificates and there is a problem reporting to JIRA.

I honestly don't know - maybe raise an issue on the Jira-ruby repository?
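Added example, not part of the thread and not Glue's or jira-ruby's code: using only Ruby's standard `openssl` library, it runs the two checks a Ruby TLS client performs, chain trust and hostname matching, separately against a leaf shaped like the one described (CN jira.company.com, SAN *.company.com). The root and intermediate CAs, keys and serials are constructed throwaway values, and the helper names `issue`, `chain_error` and `name_ok?` are hypothetical.

```ruby
require "openssl"

# Issue one certificate of a constructed, throwaway PKI (all names are sample values).
def issue(cn, serial, key, issuer: nil, issuer_key: key, ca: false, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                   # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Chain check only: nil if the leaf chains to the trusted set, else OpenSSL's reason.
def chain_error(leaf, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |ca| store.add_cert(ca) }
  store.verify(leaf) ? nil : store.error_string
end

# Name check only: the hostname matching done by Ruby's OpenSSL bindings.
def name_ok?(leaf, host)
  OpenSSL::SSL.verify_certificate_identity(leaf, host)
end

ROOT_KEY, INTER_KEY, LEAF_KEY = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
ROOT  = issue("Constructed Root CA", 1, ROOT_KEY, ca: true)
INTER = issue("Constructed Inter CA", 2, INTER_KEY, issuer: ROOT, issuer_key: ROOT_KEY, ca: true)
# Leaf shaped like the one in the issue: CN jira.company.com, SAN *.company.com
LEAF  = issue("jira.company.com", 3, LEAF_KEY, issuer: INTER, issuer_key: INTER_KEY,
              san: "DNS:*.company.com")

if __FILE__ == $PROGRAM_NAME
  { "no CA trusted" => [], "root only" => [ROOT], "root + inter" => [ROOT, INTER] }.each do |label, cas|
    puts "#{label.ljust(14)} chain: #{chain_error(LEAF, cas) || 'ok'}"
  end
  %w[jira.company.com a.b.company.com company.com].each do |host|
    puts "#{host.ljust(18)} name match: #{name_ok?(LEAF, host)}"
  end
end
```

Running the same two functions against the real certificate and CA files (loaded with `OpenSSL::X509::Certificate.new(File.read(path))`) shows which of the two checks is rejecting the connection.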

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.