Browser pops up a dialog to select a certificate while viewing a specific Jira issue on a cloud site

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

When viewing a specific Jira issue, the browser pops up a dialog to select a certificate with the message "Select a certificate to authenticate yourself to <URL>:443"

  • If the user clicks OK, unsecured content on the issue will not be loaded since the certificate is already missing for that content.

  • If the user selects cancel, the unsecured content may or may not load. In the below example, the unsecured content was loaded over HTTPS

Environment

Jira/Jira Service Management Cloud.

Any browser an be affected. Tested in Chrome, Safari, Firefox

Diagnosis

  • In the browser Console logs, the following warning message is received 

    1 Mixed Content: The page at 'https://kahol.atlassian.net/browse/AP-5' was loaded over HTTPS, but requested an insecure element 'http://<Domain>.com/XXXX/images/XXXXLogo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Cause

The problem is due to the Mixed content on Jira issue. Mixed content occurs when initial HTML is loaded over a secureHTTPSconnection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Read more

To minimize breakage, browsers will autoupgrade mixed resources to HTTPS, so sites continue to work if their subresources are already available over HTTPS. For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Solution

  • Identify the mixed content on the Jira issue causing the warning message from the Console logs. In the below example, the mixed content is "http://<Domain>.com/XXXX/images/XXXXLogo.png"  (Notice the URL is HTTP and not HTTPS) 

    1 Mixed Content: The page at 'https://kahol.atlassian.net/browse/AP-5' was loaded over HTTPS, but requested an insecure element 'http://<Domain>.com/XXXX/images/XXXXLogo.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

  • Either remove the mixed content or migrate the mixed content to HTTPS to avoid warnings and breakage.

Updated on February 28, 2025
Platform
Cloud only
Products
Atlassian Cloud Cloud
Jira Software Cloud
Jira Service Management Cloud
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community