Security warning when accessing JIRA in Chrome
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When accessing JIRA in Chrome, the following security warning is being shown for the site:
Diagnosis
Environment
- Using Chrome browser.
- Other browsers does not show the security warning.
- JIRA is using SSL.
Cause
The certificate used in JIRA is signed with SHA-1.
Workaround
You can click to proceed anyway when accessing JIRA, or add the application URL in the security exceptions of the browser.
Resolution
SHA-1 was deprecated in Chrome version 39 and above, as a measure to force sites using a weak cryptography to migrate to better one, as peer of Google Announcement .
In order to resolve this security issue, you should contact your CA and generate a new certificate signed with a better hash.