[rabbitmq-discuss] SASL authentication HTTP (management console / REST API)
Aryan S
aryan02130 at gmail.com
Sun Nov 10 15:05:35 GMT 2013
Hi,
I am trying to get the HTTP API (REST calls ) and the management console to
work without prompting for user name and password.
1.) Now first thing I am trying is accessing :-
https://10.31.52.204:15672from my browser ( I have imported the
certificates in the browser.)
I get a prompt to select the certificate and after that it takes me to the
username/password page. Can you help me in understanding what I am missing
? Shouldnt' it authenticate based on the client certificate and take me in
or fail (since I have fail_if_no_peer_cert, true & verify, verify_peer)
2.) Even for the REST API calls , say for example -
https://10.31.52.204:15672/api/users, I still get a prompt for username and
password. How do I prevent this ?
(Basically I am trying the last part in
http://www.rabbitmq.com/mochiweb.html)
The following is my rabbitmq.config file : -
{rabbit, [
{heartbeat, 30},
{auth_mechanisms, ['EXTERNAL']},
{ssl_listeners, [15671]},
{ssl_cert_login_from, common_name},
{ssl_options, [{cacertfile,
"/home/test/certificates/cert/testca/cacert.pem"},
{certfile,
"/home/test/certificates/cert/server/cert.pem"},
{keyfile,
"/home/test/certificates/cert/server/key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, true}]}
]
},
{rabbitmq_management,
[{listener, [{port, 15672},
{ssl, true},
{ssl_opts, [{cacertfile,
"/home/test/certificates/cert/testca/cacert.pem"},
{certfile,
"/home/test/certificates/cert/server/cert.pem"},
{keyfile,
"/home/test/certificates/cert/server/key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, true}]}
]}
]}
].
Regards,
Aryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131110/3d56fd4d/attachment.htm>
More information about the rabbitmq-discuss
mailing list