[rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate

Michael Klishin mklishin at gopivotal.com
Thu Jul 31 09:15:33 BST 2014


On 31 July 2014 at 10:11:19, Ankur5 C (ankur5.c at tcs.com) wrote:
> > [{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]},  
> {ssl_options, [{verify,verify_none},
> {fail_if_no_peer_cert,false}]}]}
> ].

You must provide server CA/key/certificate files. The example on
http://www.rabbitmq.com/ssl.html is pretty indicative of that:

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},
                    {certfile,"/path/to/server/cert.pem"},
                    {keyfile,"/path/to/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

and there are no examples that configure RabbitMQ to use TLS but do not specify
CA/key/certificate files.

Please spend some time learning the basics of TLS. It really doesn't make much
sense if neither peer has a certificate/key pair. 
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
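
An added example, not part of the original message and not RabbitMQ code: a Python check that flags a classic-format rabbitmq.config which enables ssl_listeners without the server certfile/keyfile, the omission pointed out in the reply above. The function name, the finding strings and the regex-based parsing are assumptions of this example; both sample configs are constructed from the two shown in the thread.

```python
import re

# Constructed samples modelled on the two configs in this thread.
NO_CERTS = """
[{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]},
  {ssl_options, [{verify,verify_none},
                 {fail_if_no_peer_cert,false}]}]}
].
"""
WITH_CERTS = """
[{rabbit, [
   {ssl_listeners, [5671]},
   {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},
                  {certfile,"/path/to/server/cert.pem"},
                  {keyfile,"/path/to/server/key.pem"},
                  {verify,verify_peer},
                  {fail_if_no_peer_cert,false}]}
]}].
"""

# Scalar option tuples such as {verify,verify_peer} or {certfile,"/x.pem"}.
PAIR = re.compile(r'\{\s*([a-z_]+)\s*,\s*("[^"]*"|[a-z_]+)\s*\}')
LISTENERS = re.compile(r'\{\s*ssl_listeners\s*,\s*\[([^\]]*)\]')

def check_tls_config(text):
    """Return findings for a rabbitmq.config (simplified: whole-file scan)."""
    text = re.sub(r'%.*', '', text)          # drop Erlang line comments
    m = LISTENERS.search(text)
    if not m or not m.group(1).strip():
        return []                            # no TLS listener configured
    opts = {k: v.strip('"') for k, v in PAIR.findall(text)}
    # The server needs its own certificate and private key to offer TLS.
    findings = [f"missing {k}" for k in ("certfile", "keyfile") if k not in opts]
    # An absent verify is treated as verify_none (Erlang ssl server default).
    verify = opts.get("verify", "verify_none")
    if verify == "verify_peer" and "cacertfile" not in opts:
        findings.append("verify_peer without cacertfile")
    # Informational: clients may connect without presenting a certificate.
    if verify == "verify_none" or opts.get("fail_if_no_peer_cert") != "true":
        findings.append("client certificate not required")
    return findings

if __name__ == "__main__":
    for name, cfg in (("NO_CERTS", NO_CERTS), ("WITH_CERTS", WITH_CERTS)):
        print(name, check_tls_config(cfg))
```
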

