Quantcast

SSL connection

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

SSL connection

Ojha, Ashish

Hi Team ,

 

I have a question regarding SSL connection implementation in RabbitMQ , currently there are three important parameters a RabbitMQ broker needs to enabled SSL connection :

 

-          Root Certificate Chain

-          Server Certificate .

-          Server private Key .

 

{rabbit, [

        {tcp_listeners, [2000]},

        {loopback_users, []},

        {ssl_listeners, [2001]},

        {ssl_options, [{cacertfile, "/var/opt/rabbitmq-3.3.0/broker-1/CA.pem"},

                  {certfile, "/var/opt/rabbitmq-3.3.0/broker-1/cert.pem"},

                  {keyfile, "/var/opt/rabbitmq-3.3.0/broker-1/serverKey.pem"},

                  {verify, verify_peer},

                  {fail_if_no_peer_cert, true}]}

 

Question :

 

n  Is it mandatory to have the server certificates and private key configured in RabbitMQ broker ?

n  Can I just have the Root Certificate chain in the RabbitMQ broker  ?

n  My requirement is to only have the Client Certificates been verified by the RabbitMQ broker....NOT server certificates verified by the clients …

n  I don’t want to manage the server certificates and private keys ….just manage the Root Certificates …is it possible ?

 

The Goldman Sachs Group, Inc. All rights reserved.

See http://www.gs.com/disclaimer/global_email for important risk disclosures, conflicts of interest and other terms and conditions relating to this e-mail and your reliance on information contained in it.  This message may contain confidential or privileged information.  If you are not the intended recipient, please advise us immediately and delete this message.  See http://www.gs.com/disclaimer/email for further information on confidentiality and the risks of non-secure electronic communication.  If you cannot access these links, please notify us by reply message and we will send the contents to you. 

 


_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SSL connection

Michael Klishin-4
This list has moved to rabbitmq-users:
https://groups.google.com/forum/#!forum/rabbitmq-users

Please start new discussions there.

On 25 August 2014 at 11:44:36, Ojha, Ashish ([hidden email]) wrote:
> >
> n Is it mandatory to have the server certificates and private
> key configured in RabbitMQ broker ?

Yes.

> n Can I just have the Root Certificate chain in the RabbitMQ broker
> ?

No.
--
MK

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Loading...