Sunday, January 11, 2015

Sample config for rabbitmq_auth_mechanism_ssl that works

This is a sample rabbitmq.config that enables both client-side certificate verification and SSL (certificate-based) authentication.

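[
    {rabbit, [%% Offer only EXTERNAL: the login name comes from the client certificate.
              {auth_mechanisms, ['EXTERNAL']},
              {ssl_listeners, [5671]},
              %% Take the username from the certificate's CN instead of the full DN.
              {ssl_cert_login_from, common_name},
              %% cacertfile: CA used to verify client certificates.
              %% certfile/keyfile: certificate and key the broker presents on this listener.
              {ssl_options, [{cacertfile,"/path/to/ca-cert"},
                             {certfile,"/path/to/client-cert"},
                             {keyfile,"/path/to/client-key"},
                             %% Verify the peer and reject clients that send no certificate.
                             {verify,verify_peer},
                             {fail_if_no_peer_cert,true}
              ]}
    ]}
].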

Notes:
  1. Make sure that you have enabled the rabbitmq_auth_mechanism_ssl plugin with
     rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl. It is the plugin that backs the EXTERNAL auth mechanism.
  2. When creating the client certificate, set your RabbitMQ client username as the CN, i.e. CN=client_username. You no longer need to provide the client's login name when creating the RabbitMQ connection in your client code.

Tested with RabbitMQ version 3.4.2.
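
Note 2 as a runnable sketch (an added example, not part of the original post): it creates a throwaway test CA and a client certificate whose CN is the RabbitMQ username, then reads back the CN that `ssl_cert_login_from, common_name` would use next to the full DN. The CA subject, organization, file names and the username `client_username` are constructed for illustration.

```shell
#!/bin/sh
# Added example: test CA + client certificate whose CN is the RabbitMQ username.
# All names, subjects and the username below are constructed for illustration.
set -eu

# make_client_cert DIR USERNAME
# Writes ca-cert.pem, client-cert.pem and client-key.pem into DIR.
make_client_cert() {
    dir=$1; user=$2
    mkdir -p "$dir"
    # Throwaway self-signed CA; its certificate is what cacertfile points at.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" 2>/dev/null
    # Client key and CSR. The CN is the login name the broker will derive.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$user" \
        -keyout "$dir/client-key.pem" -out "$dir/client.csr" 2>/dev/null
    # Sign the CSR with the test CA.
    openssl x509 -req -in "$dir/client.csr" -days 30 \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/client-cert.pem" 2>/dev/null
    chmod 600 "$dir/ca-key.pem" "$dir/client-key.pem"
}

# cert_cn CERT: print the subject CN, i.e. the username under common_name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# cert_dn CERT: print the full subject DN, for comparison with the CN.
cert_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# chains_to_ca CA CERT: succeed only if CERT verifies against CA,
# which is the check verify_peer performs on the broker side.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_client_cert "$demo_dir" client_username
chains_to_ca "$demo_dir/ca-cert.pem" "$demo_dir/client-cert.pem"
echo "DN: $(cert_dn "$demo_dir/client-cert.pem")"
echo "CN (login name): $(cert_cn "$demo_dir/client-cert.pem")"
```

The script needs the `openssl` command-line tool; the test CA key it writes is for local experiments only.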

1 comment:

yuriy polonskiy said...

Great! It is very unclear how to configure that sheet to take CN and not DN...
