[
{rabbit, [{auth_mechanisms, ['EXTERNAL']},
{ssl_listeners, [5671]},
{ssl_cert_login_from, common_name},
{ssl_options, [{cacertfile,"/path/to/ca-cert"},
{certfile,"/path/to/client-cert"},
{keyfile,"/path/to/client-key"},
{verify,verify_peer},
{fail_if_no_peer_cert,true}
]}
]}
].
Notes:
- Make sure that you enabled rabbitmq_auth_mechanism_ssl plugin with
rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl. It will be target for the EXTERNAL auth mechanim.
- In your process of creating client certificate, set your rabbitmq client username as CN. i.e. CN=client_username. You don't need to provide client's login name anymore when creating rabbitmq connection in your client code.
Tested with RabbitMQ version 3.4.2