Description: $SUBJECT By the SSL encryption we only mean the ability to use an HTTPS connection with the remote-side's certificate being trusted by the RHQ server's JVM - i.e. the certificate must be installed into RHQ server's key store.
To test this, do the following:

1) Install apache.
2) In the document root of apache, put a bundle zip file (unsecured.zip).
3) Create a directory called "secured" under the document root and put another bundle zip file in there (secured.zip).
4) Configure apache to use SSL (on fedora, this is done by "yum install mod_ssl")
5) Add a file called "secured-area.conf" into /etc/httpd/conf.d with the following contents:

    <Location "/secured">
        AuthType basic
        AuthName "Private Area"
        AuthBasicProvider file
        AuthUserFile "/var/www/users"
        Require valid-user
    </Location>

6) As root do:

    # htpasswd -c /var/www/users test

   and enter the password for the "test" user
7) restart apache
8) Get the hostname of the machine with the apache server by calling the "hostname" command.
8) In RHQ GUI, click to add a new bundle
9) Select URL
10) Enter the URL "http://<hostname>/unsecure.zip", and no user name or password
11) click next and the wizard should proceed normally.
12) Cancel and repeat points 8 to 10 with the URL "http://<hostname>/secured/secured.zip"
13) Upon clicking "Next", you should see an error message complaining about authorization being required.
14) Cancel and repeat points 8 to 10 with the URL "https://<hostname>/unsecure.zip"
15) Upon clicking "Next", you should see an error message complaining about the certificate not being trusted ("peer not authenticated")
16) Stop RHQ server
17) Import the Apache's certificate into RHQ server's JVM trust store:

    keytool -import -file /etc/pki/tls/certs/localhost.crt -keystore $JAVA_HOME/jre/lib/security/cacerts

    (the path of the certificate is the default in fedora, you can find it in the SSL config of Apache. The location of the JVM keystore can differ, too).
18) Start the RHQ server again
19) Repeat points 8 to 10 with URL "https://<hostname>/unsecure.zip".
20) Upon clicking "Next", the wizard should now proceed normally.
21) Cancel and repeat points 8 to 10 with URL "https://<hostname>/secured/secured.zip"
22) Upon clicking "Next", you should see an error message complaining about the authorization being required.
23) Cancel and repeat points 8 to 10 with URL "http://<hostname>/secured/secured.zip" and username "test" and password provided in step 6.
24) Upon clicking "Next", the wizard should proceed normally.
25) Cancel and repeat points 8 to 10 with URL "https://<hostname>/secured/secured.zip" and username "test" and password provided in step 6.
26) Upon clicking "Next", the wizard should proceed normally.

There is a new remote API method: BundleManagerRemote.createBundleVersionViaURL(Subject, String url, String user, String password) that corresponds to the UI. The above steps should be repeated using the CLI and the remote API method, giving similar results.

master https://git.fedorahosted.org/cgit/rhq/rhq.git/commit/?id=ccafd04e424b9db5e2d6c369ce0a5c51166ff40e
Author: Lukas Krejci <lkrejci>
Date: Tue Jun 4 15:09:08 2013 +0200

    [BZ 969584 - HTTP Basic auth for bundle URLs] It is now possible to optionally specify the user name and password for HTTP URLs protected by basic authorization.

master https://git.fedorahosted.org/cgit/rhq/rhq.git/commit/?id=55cdb1620e3a6e3ef34c74ed630268aaef4cbb19
Author: Lukas Krejci <lkrejci>
Date: Thu Jun 6 17:32:49 2013 +0200

    [BZ 969584] - Removing the confusing "Optional" hint in the field. There is a tooltip providing more detailed information on the fields.

Bulk closing of old issues now that RHQ 4.9 is in front of the door. If you think the issue has not been solved, then please open a new bug and mention this one in the description.
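
An added example (not part of the original report or of the RHQ code base): it replays the plain-HTTP rows of the test procedure against a loopback stand-in for the Apache setup, then decodes the Authorization header the server received, showing that Basic credentials sent over http:// are readable as-is and only the https:// rows protect them in transit. The handler, the helper names and the password are constructed for illustration.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "test", "constructed-password"  # constructed sample credentials
seen = []  # Authorization header of every request, as the server received it

def basic(user, password):
    # Basic auth is base64("user:password"): an encoding, not encryption.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class BundleHandler(BaseHTTPRequestHandler):
    """Loopback stand-in for the Apache setup: /secured requires Basic auth."""
    def do_GET(self):
        auth = self.headers.get("Authorization")
        seen.append(auth)
        denied = self.path.startswith("/secured") and auth != basic(USER, PASSWORD)
        body = b"" if denied else b"constructed bundle bytes"
        self.send_response(401 if denied else 200)
        if denied:
            self.send_header("WWW-Authenticate", 'Basic realm="Private Area"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

def fetch_status(url, creds=None):
    """Return the HTTP status for url, sending Basic credentials only if given."""
    req = urllib.request.Request(url)
    if creds:
        req.add_header("Authorization", basic(*creds))
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_matrix():
    """Run the plain-HTTP rows; return statuses and the credentials read back."""
    rows = [("/unsecured.zip", None), ("/secured/secured.zip", None),
            ("/secured/secured.zip", (USER, PASSWORD))]
    with HTTPServer(("127.0.0.1", 0), BundleHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        try:
            statuses = [fetch_status(base + path, creds) for path, creds in rows]
        finally:
            server.shutdown()
    return statuses, base64.b64decode(seen[-1].split()[1]).decode()
```

`run_matrix()` returns the three status codes in row order together with the `user:password` string recovered from the last request.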