[rabbitmq-discuss] Authenticate client using certificate only

jiri at krutil.com jiri at krutil.com
Tue Aug 17 08:36:32 BST 2010


Hi all

I was wondering if it is possible to configure the broker in a way  
that it will authenticate clients connecting over SSL using the client  
certificate only, without username and password?

Let's say the client connects over SSL and presents a signed  
certificate containing the client user name in the certificate  
subject's Common Name. If the broker can establish a chain of trust to  
a configured root CA cert, the client identity is verified, which in  
my opinion completes the authentication. It then does not really make  
sense to require a username and a password.

Imagine a client connects using a trusted certificate for client A,  
but then provides a valid username/password combination for client B.  
Which client is it then?

As far as I know, Apache Qpid supports such certificate-based authentication.

Cheers
Jiri



More information about the rabbitmq-discuss mailing list