Disponible sur : le forfait Enterprise
Disponible pour : Jira on-premise (Serveur / Centre de données)
Une sécurité de transport mutuelle permet d’établir une connexion encore plus sûre entre votre instance Jira et Miro. La fonctionnalité est automatiquement prise en charge pour tous les forfaits Enterprise et ne nécessite aucune configuration du côté de Miro.
⚠️ Notez que cet article ne propose pas d’instructions détaillées, mais fournit simplement un exemple de configuration et notre certificat (à la fin de l’article). Veuillez consulter votre équipe informatique et vos administrateurs système, car selon votre infrastructure réseau, les étapes de configuration peuvent différer.
Choisissez la méthode que vous préférez et ajustez la configuration NGINX que vous avez à l’aide de l’un des snippets suivants. Assurez-vous de remplacer 127.0.0.1 par l’adresse IP ou Web de votre instance Jira et de saisir notre certificat à la place de ENTER_MIRO_CERTIFICATE_HERE.
Validation via le certificat
Voici l’exemple de la configuration NGINX ci-dessous :
'''ssl_verify_client optional; ssl_verify_depth 3; set $cert_old "ENTRER_ANC_Certificat_MIRO_ICI"; set $cert_new "ENTRER_NOUV_Certificat_MIRO_ICI"; set $valid_cert_flag 0; location /jira/plugins/servlet/oauth/authorize { proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_redirect off; } location /jira/login.jsp { proxy_pass http://127.0.0.1/jira/login.jsp; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_redirect off; } location /jira { if ($ssl_client_raw_cert ~ $cert_old) { set $valid_cert_flag 1; } if ($ssl_client_raw_cert ~ $cert_new) { set $valid_cert_flag 1; } if ($valid_cert_flag != 1) { return 403 "Certificat invalide\n"; } proxy_pass http://127.0.0.1/jira; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_redirect off; }
'''Validation via l’empreinte du certificat
Voici l’exemple de la configuration NGINX ci-dessous :
ssl_verify_client optional; ssl_verify_depth 3; set $fingerprint_old "ENTREZ_L'ANCIEN_EMPREINTE_DU_CERTIFICAT_MIRO_ICI"; set $fingerprint_new "ENTREZ_LA_NOUVELLE_EMPREINTE_DU_CERTIFICAT_MIRO_ICI"; set $valid_fingerprint_flag 0; location /jira/plugins/servlet/oauth/authorize { proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_redirect off; } location /jira/login.jsp { proxy_pass http://127.0.0.1/jira/login.jsp; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_redirect off; } location /jira { if ($ssl_client_fingerprint = $fingerprint_old) { set $valid_fingerprint_flag 1; } if ($ssl_client_fingerprint = $fingerprint_new) { set $valid_fingerprint_flag 1; } if ($valid_fingerprint_flag != 1) { return 403; } proxy_pass http://127.0.0.1/jira; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_redirect off; }Certificats Miro
Le nouveau certificat est valable jusqu'au 14 décembre 2026.
-----BEGIN CERTIFICATE----- MIIFBTCCAu2gAwIBAgIUeB+3gSF1xoR9xrCrGoTRXZLYV+EwDQYJKoZIhvcNAQEL BQAwEjEQMA4GA1UEAwwHY2FfbWlybzAeFw0yNjAyMTcxNzA2MTRaFw0yNjEyMTQx NzA2MTRaMBIxEDAOBgNVBAMMB2NhX21pcm8wggIiMA0GCSqGSIb3DQEBAQUAA4IC DwAwggIKAoICAQCtRlgo6yypDcTFSE/ODVmHU5lzluceyfj1ByKfxQmkfHtYugN9 PQRrDhV66drU5CKAHCI0pVo0PwTYisaMGmkyKK7WqFPdgx/4hQA/Ch97VjMrKY+u VsK7rvuHERFJvX63wGM7F9vJT8t819GTa9rPlBpWO7NPuO4jgIwHXlA/Emfjwu4Z wucLslP7bU9EJNLVnzC7rWCwM0kPXsN9Jwoj4O4PDrOSgRu+LJI8gV4mVrMnE3Qq yd4ZLliI82XsRfpjSMmy/0LqfZ86aXxuBk52wSGtHrK83hyscN5l8PHqs1Ka7CvU /22fGsvlfWbfNxLLgbeNZvH4PaTs5vkzlsmO3/5W28gklGwv9XgXhm1C7dSYCTIf jxzAphlvvoo9m7UAHl3AxHCchJXKqax64e1Hanx+vh2V7k/+E/ULgATUVB+ezUDI oCM7AzJoaTg1wTwwtdfifYdgWxfEzion3QcHqhv3WeyzHCtOx+2xbaL21+6Ubtdv TTKbAD1ZkCtPyJ08dr0r32AEY0xpboTOB8r6rRacwSEYm26iidNyZA1ztDUhAMdu xT4i4ZKvUlJDOHbrjonHejJGtL1t52FCUDUCC46lyfoFt33N3hBR3hcwP7EPXEhb i5WI3QWF1oqP/yPWbC+l/ynm+pRDsbExx9x9Cd992my+LbxB2AQfacmSJQIDAQAB o1MwUTAdBgNVHQ4EFgQU+T1NQVQ4sEkQgucvwAAyv9LzNSswHwYDVR0jBBgwFoAU +T1NQVQ4sEkQgucvwAAyv9LzNSswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B AQsFAAOCAgEADuuVEF51RXb9NVs+19op20Uz/043JbZdoLWFaJJ4jL0XLJwdwsj9 G7eTffSRfRdbA0vfqlfss3lreMS9hFxFBCcA58QjwwLARvFZZoyY6iOh3KtSeMns RzTG3y6hBPeHEZEfRdEdQLR8heAPLqBCpfyfZ2qHPZpDQPiOMg63SSDWynY39zyX IcRXRKS4WAoiujVeSXc7ruTCVdonzrdPJrq9BSqKgv4bu2Wt6XBuXsCKh7fYhQSi WTciyadNoFkDJQsQuQKSLDlD7G3Tv3l+Ihu1GL1oiyhTcVHTCFymB81EGQ0MhHGJ qejQ0Kc1AmPn6Cc5XqVW0i0dUCGy3HDujCYlTusT9jijMXlZ25EaceFL7W+Ks5sa 2jVRnSzg5mJuNYo9x2SleemuyHsCviDgaL4DDBAELkxThDDi3XP+gY4XkJ+9yNuz oCsiZvhLEttQdA2DG3Iaw8kTtQbdLpUlGPPMUZ/pJv2pSlno8D5LvI4sCFPuz7mP QXQKjbOUd6OFQRk0GLgoPQVgl4Tyjkukf8oGa/WmheIcu1oeJBYcoQbSvjeTwfzu rHivIxpDK0GTQ5THbfGhTi64/+TFXSe0URKrHKt2H6gSdwtdV195PVSzKD4EZtAY 4m6L2k8AfTULlNVUADD09H36OszfS+Y3oW0cefDsRQdNRfcgD0vGzso= -----END CERTIFICATE-----L’ancien certificat est valable jusqu’au 3 mars 2026.
-----BEGIN CERTIFICATE----- MIIGpTCCBY2gAwIBAgIIbaA2mhVx/aAwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1 cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjUwMzA2MDczMzM5WhcN MjYwMzAzMDkyMTEyWjAeMRwwGgYDVQQDExNqaXJhLWNhcmRzLm1pcm8uY29tMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR7OWjYSgesjXzQW6R7r8jss NNPeS5ypbqZIdBMnuX9Rh62+wbNPo7FcKEe3BdmnmerCd3u47P6MJQTRXn6dBRMr 2g/nVvNHYtdxQB2iE+Rtwv2h+sDpkRO47N097q4wlhvelkFgUgULZx0LI/KPdPxC umZsjg6Ck/ssgcj4aWZMCCWjLTLXu8Gaz/2h8TocqweZXQ0dmvoJqB1CSzslQXBV IB+XxMeSoekojcY6pV4cfIfI57f5EfvLuUoiP6Q177Oe/eIymTrt4kEkeSX7UgXF 6qVF9bV7wTOMQ1DY+0kDIRuyg8cCdG7Ul0k6wXYt3XOTtxtDnRhkscR5juzGHQID AQABo4IDTjCCA0owDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6 Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS00MTA2NS5jcmwwXQYDVR0gBFYwVDBI BgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRq MGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEF BQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5 L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjA3BgNV HREEMDAughNqaXJhLWNhcmRzLm1pcm8uY29tghd3d3cuamlyYS1jYXJkcy5taXJv LmNvbTAdBgNVHQ4EFgQU2wiZ/76DT0QSteUPWyBAumMf5WcwggF+BgorBgEEAdZ5 AgQCBIIBbgSCAWoBaAB1AA5XlLzzrqk+MxssmQez95Dfm8I9cTIl3SGpJaxhxU4h AAABlWpf1PEAAAQDAEYwRAIgBBQQGJQkwhokMXvDY9I1vpoSa32LYQ5ZuMnvszku n0YCIGMGcLWstkn3w9R1rt5tkdig6x5lvDxD7SiXdlPTcTCOAHcAZBHEbKQS7KeJ HKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGVal/WEQAABAMASDBGAiEAzHNCpKCV CibQO2srPHm7dIOTYV195V7DgzAzzQW55OgCIQDfZcnbV/2SmLTDHaC0Wa2fEUIL aEWfjwmd0W2S1dgv6AB2AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWwyxTDFFjn AAABlWpf1ukAAAQDAEcwRQIhAOxJmzEchKWsyYGFmbnxltjVix51fCL9FO5iTpUg tJWPAiBnz/LqP/IFQ7X0rgzLDNofv/8U6XW81EqrXL/GAhvlszANBgkqhkiG9w0B AQsFAAOCAQEAh6+0QB+bufxxhRy9zKq4MCAnqnyRgCJyQjUrwdr6kXOD9uvuyMtH jMERa+Q1/l00zNzE3u4j7u5TaTTZK7pj6GMUDUtEZU6zRFnbB4pKKop8ycIeaw5L ++w827r0b6+B2rd/JN9uHP/gWDJ/QRlLPVVl3fOs31Xp978G9wlch+oCUfFHW2H9 1vwn5v35G9DiTPl2ulRqr25k2Bi92G7IRJ9n51iHJpzEF+wUdZx/vZyHnBdDp1DK QDS5t4yGOW+VeINyw5gv5eQqw1j5+Q7PDlPODs1kQrVbuT/rV+bjPsQbPADAoLRP Mz8ZzEaMBqf35vY6DMTX46gig3K12sumYQ== -----END CERTIFICATE-----
Différentes façons de configurer
Vous pouvez choisir parmi deux options en ce qui concerne la vérification de la validation :