[rabbitmq-discuss] client cert & user/pass authentication

Simon MacMullen simon at rabbitmq.com
Wed May 8 11:41:47 BST 2013

I'm afraid that's not possible at the moment. I'm not sure whether the 
Erlang SSL API lets us determine programmatically whether there is a 
client cert and it has been verified. We'll look into this.

Cheers, Simon

On 07/05/13 15:58, Warren Smith wrote:
> I'm using the rabbitmq-auth-mechanism-ssl plugin to authenticate
> clients using certificates that the clients present. This is working
> well, but for convenience, I'd also like to allow a few users to
> authenticate using a username/password over an ssl connection.
> rabbitmq-auth-mechanism-ssl requires that the ssl_options in the the
> rabbitmq.config include {fail_if_no_peer_cert,true}, so user/pass
> authentication can't be performed. If I try to set it to false, the
> client certificate seems to be ignored.
> I have {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']} in the
> rabbitmq.config and users can authenticate over tcp with a user/pass,
> but I'd prefer that they use ssl. Is there a configuration that would
> allow me to support both client certificate and username/password
> authentication over ssl?
> Thanks,
> Warren
> _______________________________________________ rabbitmq-discuss
> mailing list rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Simon MacMullen
RabbitMQ, Pivotal

More information about the rabbitmq-discuss mailing list