Here's something that was brought to my attention when a customer was asking how to
enable bi-directional SSL authentication between Jopr server and Jopr agent.
We are using the Tomcat connectors on ports 7080 and 7443 for both browser/GUI use and
incoming agent requests.
By default, the agent uses the "servlet" transport which means it sends HTTP
requests to port 7080.
If you switch the agent to use the "sslservlet" transport, you tell it to send
HTTPS requests to port 7443, which is configured in Tomcat to be the SSL connector.
What happens when you want the agents to authenticate themselves to the server via SSL
certificates? It's easy - you configure Tomcat's SSL connector with the appropriate
keystore/truststore settings and turn on client authentication, so when Tomcat receives agent
requests over 7443 it verifies the agent's certificate against its truststore as part of the
normal SSL handshake (there are settings in rhq-server.properties to do this).
BUT! Because we are piggybacking on the Tomcat connector that browsers use to get to the
UI, and client authentication is a property of the connector rather than of the client, this
means that now all users are required to install a certificate in their browser AND that
certificate needs to be placed in the Tomcat truststore. Very few people (any?) would be
willing to do this just so their Jopr users can access the GUI. They will just want browsers
to access the UI via https: like 99% of all the other web apps out there.
I think this is a use-case where users are going to want to use the sslsocket transport so
agents can talk to a separate JBoss/Remoting port in the server that can perform SSL
certificate checking but leaves Tomcat alone, so GUI users are not burdened with needing an
SSL certificate in their browsers.
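The trade-off described above can be checked end to end with a small program. The following is an added example, not Jopr or RHQ code: it stands up three in-process TLS listeners that play the roles of Tomcat's 7443 connector with client authentication required, the same connector with server-only SSL, and a dedicated agent-only port, using a throwaway CA and certificates generated at start-up. A "browser" is a client with no certificate and an "agent" is a client that presents one signed by that CA. The names jopr-server and jopr-agent, the Scenario fields and the helper functions are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// newCert issues a certificate for name signed by parent (self-signed root when isCA is true).
// The CA and certificates are constructed in-process so the example runs offline.
func newCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed root
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// connector mirrors one server-side listener (a Tomcat connector or a Remoting sslsocket port).
// With requireClientCert it behaves like clientAuth="true": every client must present a
// certificate chaining to ca, whatever kind of client it is. Successful handshakes get "ok" echoed.
func connector(cert *x509.Certificate, key *ecdsa.PrivateKey, ca *x509.Certificate, requireClientCert bool) net.Listener {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	cfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}},
		ClientCAs:    pool,
		ClientAuth:   tls.NoClientCert,
		MinVersion:   tls.VersionTLS12,
	}
	if requireClientCert {
		cfg.ClientAuth = tls.RequireAndVerifyClientCert
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		panic(err)
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() {
				defer c.Close()
				buf := make([]byte, 1)
				if _, err := c.Read(buf); err != nil { // first Read runs the handshake
					return // handshake failed (e.g. no client certificate): drop the client
				}
				c.Write([]byte("ok"))
			}()
		}
	}()
	return ln
}

// connect is a client that presents clientCert when it has one (an agent) and nothing
// when it does not (a browser). It returns nil only if the server completed the handshake.
func connect(addr string, ca *x509.Certificate, clientCert *x509.Certificate, clientKey *ecdsa.PrivateKey) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	cfg := &tls.Config{RootCAs: pool, ServerName: "jopr-server", MinVersion: tls.VersionTLS12}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{clientCert.Raw}, PrivateKey: clientKey}}
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	if _, err := conn.Write([]byte("x")); err != nil {
		return err
	}
	buf := make([]byte, 2)
	if _, err := io.ReadFull(conn, buf); err != nil {
		return err // TLS 1.3 clients only see the rejection here, after the Dial
	}
	if string(buf) != "ok" {
		return errors.New("unexpected reply")
	}
	return nil
}

// Scenario records which client/connector combinations succeed.
type Scenario struct {
	BrowserOnSharedMutualTLS  bool // 7443 with client auth required: browser has no cert
	AgentOnSharedMutualTLS    bool // 7443 with client auth required: agent has a cert
	BrowserOnPlainTLS         bool // 7443 left as server-only SSL for GUI users
	AgentOnDedicatedMutualTLS bool // separate sslsocket-style port that checks agent certs
}

// Run plays the three designs from the post against a browser and an agent.
func Run() Scenario {
	ca, caKey := newCert("Jopr Example CA", true, nil, nil)
	srv, srvKey := newCert("jopr-server", false, ca, caKey)
	agent, agentKey := newCert("jopr-agent", false, ca, caKey)
	shared, gui, agentPort := connector(srv, srvKey, ca, true), connector(srv, srvKey, ca, false), connector(srv, srvKey, ca, true)
	defer shared.Close()
	defer gui.Close()
	defer agentPort.Close()
	return Scenario{
		BrowserOnSharedMutualTLS:  connect(shared.Addr().String(), ca, nil, nil) == nil,
		AgentOnSharedMutualTLS:    connect(shared.Addr().String(), ca, agent, agentKey) == nil,
		BrowserOnPlainTLS:         connect(gui.Addr().String(), ca, nil, nil) == nil,
		AgentOnDedicatedMutualTLS: connect(agentPort.Addr().String(), ca, agent, agentKey) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", Run())
}
```

Running it shows the only failing combination is the browser against the shared connector once client authentication is required there; splitting the agents off onto their own client-authenticating port keeps the GUI connector usable without browser certificates.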
I bring this up because I have to write up some documentation on this, and I thought
I'd solicit comments on this.