Sunday, January 11, 2015

Sample config for rabbitmq_auth_mechanism_ssl that works

This is a sample rabbitmq.config that enables both client-side certificates and SSL authentication.

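[
    %% Offer only the EXTERNAL mechanism, i.e. certificate-based logins.
    {rabbit, [{auth_mechanisms, ['EXTERNAL']},
              {ssl_listeners, [5671]},
              %% Take the login name from the certificate CN.
              {ssl_cert_login_from, common_name},
              %% certfile/keyfile are what the broker presents on the TLS listener;
              %% cacertfile is the CA used to verify the peer certificate.
              {ssl_options, [{cacertfile,"/path/to/ca-cert"},
                             {certfile,"/path/to/client-cert"},
                             {keyfile,"/path/to/client-key"},
                             {verify,verify_peer},
                             {fail_if_no_peer_cert,true}
              ]}
    ]}
].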

Notes:
  1. Make sure that you have enabled the rabbitmq_auth_mechanism_ssl plugin with
     rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl. It will be the target for the EXTERNAL auth mechanism.
  2. When creating the client certificate, set your RabbitMQ client username as the CN, i.e. CN=client_username. You no longer need to provide the client's login name when creating the RabbitMQ connection in your client code.
Tested with RabbitMQ version 3.4.2
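
Note 2 as a worked procedure, added here as an example and not part of the original post: it builds a throwaway CA, issues a client certificate with CN=client_username, and confirms the chain and the CN the broker would read. The CA name, file names and scratch directory are assumptions.

```shell
#!/bin/sh
# Added example: issue a client certificate whose CN is the RabbitMQ username.
# The test CA, file names and "client_username" are constructed for illustration.
set -eu

# make_client_cert DIR USERNAME
# Creates a throwaway CA in DIR and a client key/certificate with CN=USERNAME.
make_client_cert() {
    dir=$1 user=$2
    # Self-signed test CA; in production, sign with your existing CA instead.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" 2>/dev/null
    # Client key and CSR. With {ssl_cert_login_from, common_name} the broker
    # uses this CN as the login name.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$user" \
        -keyout "$dir/client-key.pem" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -days 30 \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/client-cert.pem" 2>/dev/null
}

# cert_cn FILE: print the subject CN of a PEM certificate.
# (Does not handle commas escaped inside the CN value.)
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/^\(.*,\)\{0,1\}CN=\([^,]*\).*$/\2/p'
}

# verify_chain CAFILE CERT: succeed only if CERT chains to CAFILE, the kind of
# check the broker applies with {verify, verify_peer}.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a scratch directory.
workdir=$(mktemp -d)
make_client_cert "$workdir" client_username
if verify_chain "$workdir/ca-cert.pem" "$workdir/client-cert.pem"; then
    echo "chain OK, broker login name: $(cert_cn "$workdir/client-cert.pem")"
fi
rm -rf "$workdir"
```

The broker must still have a user with that name; the certificate only supplies the login name.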

1 comment:

yuriy polonskiy said...

Great! It is very unclear how to configure that sheet to take CN and not DN...

[PostgreSQL] How to create read-only standby replica (follower)

This link and this link explain it really well and concisely.