By default, JIRA runs with a standard nonencrypted HTTP protocol. This is acceptable if you are running JIRA in a secured environment, such as an internal network. However, if you plan to open up access to JIRA over the Internet, you need to tighten up the security by encrypting sensitive data, such as the usernames and passwords that are sent, by enabling HTTP over SSL (HTTPS).
This recipe describes how to install SSL on the JIRA Tomcat application server. If you have an HTTP web server such as Apache in front of JIRA, you can install the SSL certificate on the web server instead.
You need to have the following set up before you can step through this recipe: