[rabbitmq-discuss] Federation Over SSL with Intermediate Certificate Authority

Richard Raseley richard at raseley.com
Thu Apr 11 21:16:44 BST 2013


What I ended up doing is just specifying the issuing (intermediate) CA's
cert as the "CA" in the rabbitmq.config file and it didn't complain when
bringing the service back online. I am not sure if this is because the
system already trusted the root CA (it was a DigiCert certificate) or what.

I would suggest adding whatever the proper guidance is to the documents -
as I am not sure if what I did is "correct" or not (I think I might have
just gotten lucky).

Regards,

Richard


On Thu, Apr 11, 2013 at 4:32 AM, Matthias Radestock
<matthias at rabbitmq.com>wrote:

> Richard,
>
>
> On 08/04/13 17:26, Richard Raseley wrote:
>
>> When attempting to federate two brokers over SSL, I understand that one
>> would configure SSL as described in the RabbitMQ documentation,
>> then instantiate the federation connection over the port specified in
>> the SSL configuration. That seems pretty straight forward. What I am not
>> seeing any documentation on is the use of a certificate that requires an
>> intermediate certificate to validate.
>>
>> I was able to find one thread from this discussion list from a while
>> back
>> (http://lists.rabbitmq.com/**pipermail/rabbitmq-discuss/**
>> 2012-March/018702.html<http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2012-March/018702.html>
>> ),
>> but it is not 100% clear to me what was done there to successfully
>> include the intermediate certificate.
>>
>> Is there any official guidance out there on how to use an intermediate
>> certificate in this scenario, or if not, could someone who has actually
>> done this before comment on the process required to get it working?
>>
>
> Did you get this working in the end? If so, any suggestions for improving
> the rabbit docs?
>
> Matthias.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130411/8a8ddae5/attachment.htm>


More information about the rabbitmq-discuss mailing list