[rabbitmq-discuss] Authenticate client using certificate only
jiri at krutil.com
jiri at krutil.com
Tue Aug 17 08:36:32 BST 2010
Hi all
I was wondering if it is possible to configure the broker in a way
that it will authenticate clients connecting over SSL using the client
certificate only, without username and password?
Let's say the client connects over SSL and presents a signed
certificate containing the client user name in the certificate
subject's Common Name. If the broker can establish a chain of trust to
a configured root CA cert, the client identity is verified, which in
my opinion completes the authentication. It then does not really make
sense to require a username and a password.
Imagine a client connects using a trusted certificate for client A,
but then provides a valid username/password combination for client B.
Which client is it then?
As far as I know, Apache Qpid supports such certificate-based authentication.
Cheers
Jiri
More information about the rabbitmq-discuss
mailing list