Disponible sur : Forfait Enterprise
Disponible pour : Jirasur site (serveur / centre de données)
Une sécurité de la couche de transport mutuelle permet d’établir une connexion encore plus sûre entre votre instance Jira et Miro. La fonctionnalité est automatiquement prise en charge pour tous les plans Enterprise et ne nécessite aucune configuration du côté de Miro.
⚠️ Notez que cet article ne propose pas d’instructions détaillées, il fournit simplement un exemple de configuration et notre certificat (à la fin de l’article). Veuillez consulter votre équipe informatique et vos admins système, car les étapes de configuration peuvent différer en fonction de votre infrastructure réseau.
Choisissez la méthode que vous préférez et ajustez la configuration NGINX que vous avez à l’aide de l’un des snippets suivants. Assurez-vous de remplacer 127.0.0.1 par l’adresse IP ou Web de votre instance Jira et de saisir notre certificat à la place de ENTER_MIRO_CERTIFICATE_HERE./span>
Validation via le certificat
Voici l’exemple de la configuration NGINX ci-dessous :
ssl_verify_client facultatif ;
ssl_verify_depth 3 ;
set $cert_old "ENTER_OLD_MIRO_CERTIFICATE_HERE" ;
set $cert_new "ENTER_NEW_MIRO_CERTIFICATE_HERE" ;
set $valid_cert_flag 0 ;
location /jira/plugins/servlet/oauth/authorize {
proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize ;
proxy_set_header X-Forwarded-Host $host ;
proxy_set_header X-Forwarded-Server $host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
taille_max_du_corps_du_client 10M ;
proxy_redirect off ;
location /jira/login.jsp {
proxy_pass http://127.0.0.1/jira/login.jsp ;
proxy_set_header X-Forwarded-Host $host ;
proxy_set_header X-Forwarded-Server $host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
taille_max_du_corps_du_client 10M ;
proxy_redirect off ;
emplacement /jira {
if ($ssl_client_raw_cert ~ $cert_old) { set $valid_cert_flag 1 ; }
if ($ssl_client_raw_cert ~ $cert_new) { set $valid_cert_flag 1 ; }
if ($valid_cert_flag != 1) { return 403 "Invalid certificate\n" ; }
proxy_pass http://127.0.0.1/jira ;
proxy_set_header X-Forwarded-Host $host ;
proxy_set_header X-Forwarded-Server $host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
taille_max_du_corps_du_client 10M ;
proxy_redirect off ;
Validation via l’empreinte du certificat
Voici l’exemple de la configuration NGINX ci-dessous :
ssl_verify_client facultatif ;
ssl_verify_depth 3 ;
set $fingerprint_old "ENTER_OLD_FINGERPRINT_OF_MIRO_CERTIFICATE_HERE" ;
set $fingerprint_new "ENTER_NEW_FINGERPRINT_OF_MIRO_CERTIFICATE_HERE" ;
définir $valid_fingerprint_flag 0 ;
location /jira/plugins/servlet/oauth/authorize {
proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize ;
proxy_set_header X-Forwarded-Host $host ;
proxy_set_header X-Forwarded-Server $host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
taille_max_du_corps_du_client 10M ;
proxy_redirect off ;
location /jira/login.jsp {
proxy_pass http://127.0.0.1/jira/login.jsp ;
proxy_set_header X-Forwarded-Host $host ;
proxy_set_header X-Forwarded-Server $host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
taille_max_du_corps_du_client 10M ;
proxy_redirect off ;
emplacement /jira {
if ($ssl_client_fingerprint = $fingerprint_old) { set $valid_fingerprint_flag 1 ; }
if ($ssl_client_fingerprint = $fingerprint_new) { set $valid_fingerprint_flag 1 ; }
if ($valid_fingerprint_flag != 1) { return 403 ; }
proxy_pass http://127.0.0.1/jira ;
proxy_set_header X-Forwarded-Host $host ;
proxy_set_header X-Forwarded-Server $host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
taille_max_du_corps_du_client 10M ;
proxy_redirect off ;
Certificats Miro
Le nouveau certificat est valable jusqu'au 3 mars 2026.
-----BEGIN CERTIFICATE----- MIIGpTCCBY2gAwIBAgIIbaA2mhVx/aAwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQHEwpTY290dHNkYWxlMRow GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQDEypHbyBEYWRkeSBTZWN1 cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjUwMzA2MDczMzM5WhcN MjYwMzAzMDkyMTEyWjAeMRwwGgYDVQQDExNqaXJhLWNhcmRzLm1pcm8uY29tMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR7OWjYSgesjXzQW6R7r8jss NNPeS5ypbqZIdBMnuX9Rh62+wbNPo7FcKEe3BdmnmerCd3u47P6MJQTRXn6dBRMr 2g/nVvNHYtdxQB2iE+Rtwv2h+sDpkRO47N097q4wlhvelkFgUgULZx0LI/KPdPxC umZsjg6Ck/ssgcj4aWZMCCWjLTLXu8Gaz/2h8TocqweZXQ0dmvoJqB1CSzslQXBV IB+XxMeSoekojcY6pV4cfIfI57f5EfvLuoiP6Q177Oe/eIymTrt4kEkeSX7UgXF 6qVF9bV7wTOMQ1DY+0kDIRuyg8cCdG7Ul0k6wXYt3XOTtxtDnRhkscR5juzGHQID AQABo4IDTjCCA0owDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6 Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZJzMS00MTA2NS5jcmwwXQYDVR0gBFYwVDBI BgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRq MGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEF BQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5 L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjA3BgNV HREEMDAughNqaXJhLWNhcmRzLm1pcm8uY29tghd3d3cuamlyYS1jYXJkcy5taXJv LmNvbTAdBgNVHQ4EFgQU2wiZ/76DT0QSteUPWyBAumMf5WcwggF+BgorBgEEAdZ5 AgQCBIIBbgSCAWoBaAB1AA5Xlzzrqk+MxssmQez95Dfm8I9cTIl3SGpJaxhxU4h AAABlWpf1PEAAAQDAEYwRAIgBBQGJQkwhokMXvDY9I1vpoSa32LYQ5ZuMnvszku n0YCIGMGcLWstkn3w9R1rt5tkdig6x5lvDxD7SiXdlPTcTCOAHcAZBHEbQS7KeJ HKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGVal/WEQAABAMASDBGAiEAzHNCpKCV CibQO2srPHm7dIOTYV195V7DgzAzzQW55OgCIQDfZcnbV/2SmLTDHaC0Wa2fEUIL aEWfjwmd0W2S1dgv6AB2AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWyxTDFFjn AAABlWpf1ukAAAQDAEcwRQIhAOxJmzEchKWsyYGFmbnxltjVix51fCL9FO5iTpUg tJWPAiBnz/LqP/IFQ7X0rgzLDNofv/8U6XW81EqrXL/GAhvlszANBgkqhkiG9w0B AQsFAAOCAQEAh6+0QB+bufxxhRy9zKq4MCAnqnyRgCJyQjUrwdr6kXOD9uvuyMtH jMERa+Q1/l00zNzE3u4j7u5TaTTZK7pj6GMUDUtEZU6zRFnbB4pKop8ycIeaw5L ++w827r0b6+B2rd/JN9uHP/gWDJ/QRlLPVVl3fOs31Xp978G9wlch+oCUfFHW2H9 1vwn5v35G9DiTPl2ulRqr25k2Bi92G7IRJ9n51iHJpzEF+wUdZx/vZyHnBdDp1DK QDS5t4yGOW+VeINyw5gv5eQqw1j5+Q7PDlPODs1kQrVbuT/rV+bjPsQbPADAoLRP Mz8ZzEaMBqf35vY6DMTX46gig3K12sumYQ== -----END CERTIFICATE-----
L’ancien certificat est valable jusqu’au 6 avril 2025.
-----BEGIN CERTIFICATE-----
MIIGpTCCBY2gAwIBAgIIQgAbkcMlgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQHEwpTY290dHNkYWxlMRow
GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQDEypHbyBEYWRkeSBTZWN1
cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjQwMzA1MDczMDI4WhcN
MjUwNDA2MDczMDI4WjAeMRwwGgYDVQDExNqaXJhLWNhcmRzLm1pcm8uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR7OWjYSgesjXzQW6R7r8jss
NNPeS5ypbqZIdBMnuX9Rh62+wbNPo7FcKEe3BdmnmerCd3u47P6MJQTRXn6dBRMr
2g/nVvNHYtdxQB2iE+Rtwv2h+sDpkRO47N097q4wlhvelkFgUgULZx0LI/KPdPxC
umZsjg6Ck/ssgcj4aWZMCCWjLTLXu8Gaz/2h8TocqweZXQ0dmvoJqB1CSzslQXBV
IB+XxMeSoekojcY6pV4cfIfI57f5EfvLuoiP6Q177Oe/eIymTrt4kEkeSX7UgXF
6qVF9bV7wTOMQ1DY+0kDIRuyg8cCdG7Ul0k6wXYt3XOTtxtDnRhkscR5juzGHQID
AQABo4IDTjCCA0owDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6
Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZJzMS0xODIzNS5jcmwwXQYDVR0gBFYwVDBI
BgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVz
LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRq
MGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEF
BQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5
L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjA3BgNV
HREEMDAughNqaXJhLWNhcmRzLm1pcm8uY29tghd3d3cuamlyYS1jYXJkcy5taXJv
LmNvbTAdBgNVHQ4EFgQU2wiZ/76DT0QSteUPWyBAumMf5WcwggF+BgorBgEEAdZ5
AgQCBIIBbgSCAWoBaAB1AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnf
AAABjg2FZN4AAAQDAEYwRAIgBc+PVwPjZPnnD0zyCPlQ8+up0MsFlkf7z9PlPi2v
OeYCIBDKD4doMh7x4hyIP+pqzmQGYTdX/o42KHwrkECwLo6AHYAfVkeEuF4Knsc
YWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGODYVl6gAABAMARzBFAiEA4V4cbend
3S3vD+f0y9Fwka3ckS7Z8lr38PW88pJouGECICfKUoms5n/P/UJiFH/Zq2ZHG8+/
DzfWDctoQdUDWGZVAHcAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAA
AAGODYVmaQAABAMASDBGAiEAufiFjn4hkI237cz/mKGRh7nSqBF1KG03eZlE05e
3NMCIQCUInWAC/aNHTAktslNOoDeLxtpfg0M5L5sFpw+77AkeDANBgkqhkiG9w0B
AQsFAAOCAQEAGprOBgqK1Rr2aclZPjtPK6Kgvb6z1D/jBjEfNYVwP8n9BZ7Ewhwf
azl0I+uLqjXojOKPdMmf/3ZyM+2lj7QwCFeKzshmSvINE48NZX6s5b50JK9a/Yl
LyJvnIv2dZvPktQ1H3of3kYqOAxynzFGJ97iZBXjCiESZU7V+gm4d3ILQLqJaxX9
UPyqVFDoJQQhNbhnjhTdieQdqWte43vMvrgmr1Y6Chd+kY7RxfHcu+2CUEqQo3ay
BrfLpItd34cR58VBcHTrvpK4nFODCeNqhracTwvyzoGHlKli/nXod183CSSzcFG
0ghxdD7Lyj4notIkK3L2UHKOx5UqD8kog==.
-----END CERTIFICATE-----
Différentes façons de configurer
Vous pouvez choisir parmi deux options en ce qui concerne la vérification de la validation :