Bug 783053 - secure SSL communication out of the box
Summary: secure SSL communication out of the box
Status: NEW
Alias: None
Product: RHQ Project
Classification: Other
Component: Agent, Core Server (Show other bugs)
(Show other bugs)
Version: 4.3
Hardware: All All
unspecified vote
Target Milestone: ---
: ---
Assignee: RHQ Project Maintainer
QA Contact: Mike Foley
Depends On:
TreeView+ depends on / blocked
Reported: 2012-01-19 07:28 UTC by Aleksandar Kostadinov
Modified: 2015-02-01 23:29 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Aleksandar Kostadinov 2012-01-19 07:28:50 UTC
Description of problem:
Currently JON server communicates with agents without encryption and authentication. So here is a proposal for making SSL the default with I believe no user configuration complexity increase:

* registration token be replaced with a certificate
* a new agent should receive as configuration a CA certificate, if not then it should ask user for confirming server cert (a force command line switch may override this)
* a new agent should receive as configuration agent certificate, if such configuration parameter is not present, then agent should generate a new self-signed certificate by itself
* of course JON server should also by default have https enabled (I think this is already the case)
* when agent tries to register with server, SSL connection should be established
** if agent certificate is not known to server, put agent in discovery queue
** if agent certificate is known to be same as existing agent, then allow agent connection (agent name should match, otherwise put in discovery queue)
** if agent is a new one but certificate is signed by a CA configured into the JON server, then automatically inventory it
** if agent certificate is close to expiring, agent should be able to automatically create new self-signed certificate and that should be accepted by server (I think this makes sense even if initial agent certificate was signed by a CA)
* JON server -> agent connection should also be SSL where both sides verify certificates

Please note that agent should always go to discovery queue if certificate is unknown, expired, revoked or some other problem. Perhaps there could sections in UI differentiating between cause for putting an agent into it. Admin should be given enough information (name, cert, claimed host/port, host/port current request comes from, etc.) to decide which agents in that queue are legitimate and what actions are necessary to inventory them. Perhaps there would be other details for UI and possible corner cases but I think the main idea is clear.

Comment 2 Mike Harvey 2012-01-19 18:26:59 UTC
I'm in favor.  This ssl "ease of configuration feature" is inspired by cloud certification program, EC2 testing, and other cloud providers to be certified in the future as well.

Comment 4 Mike Foley 2012-01-23 16:17:20 UTC
per scrum 1/23/2012 crouch, loleary, mfoley

Comment 5 David Jorm 2012-01-24 08:39:57 UTC
(In reply to comment #4)
> per scrum 1/23/2012 crouch, loleary, mfoley

So is this feature not targeted for a specific release? That's fine with me, just checking to ensure I understand the plan.

Note You need to log in before you can comment on or make changes to this bug.