[rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate

• Previous message: [rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate
• Next message: [rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes .

I am doing the same :

Config file :

 [{rabbit,        [{tcp_listeners,    [5672]},{ssl_listeners, [5671]}, 
                        {ssl_options, [{verify,verify_none},
                    {fail_if_no_peer_cert,false}]}]}
].

But still the same error.

Using the same example in https://www.rabbitmq.com/ssl.html , Connecting 
without validating certificates

Thanks and Regards,
Ankur Chakraborty




From:   Michael Klishin <mklishin at pivotal.io>
To:     Ankur5 C <ankur5.c at tcs.com>
Cc:     Legacy list about RabbitMQ <rabbitmq-discuss at lists.rabbitmq.com>
Date:   31-07-2014 11:33
Subject:        Re: Create an encrypted SSL connection without having to 
verify certificate



On 31 July 2014 at 09:59:23, Ankur5 C (ankur5.c at tcs.com) wrote:
> > Would request you to please let me know how one can instruct rabbitmq 
> not verify peer and use the one connect without validating certificates 
> ?
> 
> My config file:
> 
> [{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]}, 
> {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"}, 
> {certfile,"/etc/rabbitmq/server/cert.pem"},
> {keyfile,"/etc/rabbitmq/server/key.pem"},
> {verify,verify_none},
> {fail_if_no_peer_cert,false}]}]}
> ].

This is all you need.

This line
{verify,verify_none},

means "perform no peer verification" (don't check that the client
is who it claims to be), while

{fail_if_no_peer_cert,false}

means "don't even bother checking if the client has a certificate".

With this configuration

factory.setPort(5671);
factory.useSslProtocol();

is all you need to do in the Java client to make it use TLS (technically, 
SSLv3). 
-- 
MK 

Staff Software Engineer, Pivotal/RabbitMQ

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140731/ca63432a/attachment.html>

• Previous message: [rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate
• Next message: [rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]