Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Do I need https for JIRA in a Intranet?

Mark
Mark March 19, 2018

Our company have JIRA, Confluence and Fisheye. All applications are located in intranet. Users cannot access outside office.

It seems to me it is not necessary to apply for a SSL cert and install.

The only problem I can see is, when user using Confluence to open an office document (e.g. word, excel) it prompt for "Access to this web server is disabled by default because it is controlled by basic authentication and does not use SSL....". This problem can be resolved by change registry (https://confluence.atlassian.com/confkb/unable-to-edit-files-in-office-due-to-ssl-not-being-enabled-598213057.html)

What do you think? I understand https should give better security. However, from an admin's view, is it worth the trouble?

Answer
Watch
Like Be the first to like this
405 views

2 answers

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 20, 2018

SSL should really be used for anything a human might put data into.  Plain text http is only suitable for read-only sites or isolated networks with no wireless devices.

Reply
0 votes
Alexey Matveev
Alexey Matveev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 20, 2018

I had a Jira and Confluence installation in intranet without ssl. I worked just fine. It all depends on your security guidelines. But we used SSO, so that any user could not get the password of other users. I think it is the most important problem. If you use basic authentication and you do not have ssl, then passwords of users can be intercepted.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events