<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">See <a href="http://hg.rabbitmq.com/rabbitmq-management/raw-file/rabbitmq_v3_2_1/priv/www/api/index.html">http://hg.rabbitmq.com/rabbitmq-management/raw-file/rabbitmq_v3_2_1/priv/www/api/index.html</a>, specifically this part:<div><br></div><div> "all URIs will serve only resources
of type <code>application/json</code>, and will require HTTP basic
authentication"<br><div><br></div><div>So the TLS layer (i.e., SSL) is using a cert, and that's what the configuration in the rabbitmq_management section is for. Plus, you've also got HTTP (application) layer authentication, which requires basic auth. The cert is only used for wire traffic, not AAA. Hope that makes sense.</div><div><br></div><div>Cheers,</div><div>Tim</div><div><br><div><div>On 10 Nov 2013, at 15:05, Aryan S wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Hi,<div><br></div><div>I am trying to get the HTTP API (REST calls) and the management console to work without prompting for user name and password.</div><div><br></div><div>1.) Now the first thing I am trying is accessing <a href="https://10.31.52.204:15672/">https://10.31.52.204:15672</a> from my browser (I have imported the certificates in the browser).<br>
</div><div><br></div><div>I get a prompt to select the certificate and after that it takes me to the username/password page. Can you help me in understanding what I am missing? Shouldn't it authenticate based on the client certificate and take me in or fail (since I have fail_if_no_peer_cert, true &amp; verify, verify_peer)?</div>
<div><br></div><div>2.) Even for the REST API calls, say for example <a href="https://10.31.52.204:15672/api/users">https://10.31.52.204:15672/api/users</a>, I still get a prompt for username and password. How do I prevent this?</div>
<div><br></div><div>(Basically I am trying the last part in <a href="http://www.rabbitmq.com/mochiweb.html">http://www.rabbitmq.com/mochiweb.html</a>)</div><div><br></div><div>The following is my rabbitmq.config file : -</div>
<div><br></div><div><div>[</div><div> {rabbit, [</div><div> {heartbeat, 30},</div><div> {auth_mechanisms, ['EXTERNAL']},</div><div> {ssl_listeners, [15671]},</div><div> {ssl_cert_login_from, common_name},</div>
<div> {ssl_options, [{cacertfile, "/home/test/certificates/cert/testca/cacert.pem"},</div><div> {certfile, "/home/test/certificates/cert/server/cert.pem"},</div><div> {keyfile, "/home/test/certificates/cert/server/key.pem"},</div>
<div> {verify, verify_peer},</div><div> {fail_if_no_peer_cert, true}]}</div><div> ]</div><div> },</div><div>{rabbitmq_management,</div><div> [{listener, [{port, 15672},</div>
<div> {ssl, true},</div><div> {ssl_opts, [{cacertfile, "/home/test/certificates/cert/testca/cacert.pem"},</div><div> {certfile, "/home/test/certificates/cert/server/cert.pem"},</div>
<div> {keyfile, "/home/test/certificates/cert/server/key.pem"},</div><div> {verify, verify_peer},</div><div> {fail_if_no_peer_cert, true}]}</div>
<div> ]}</div><div> ]}</div><div>].</div></div><div><br></div><div>Regards,</div><div>Aryan</div></div>
</blockquote></div><br></div></div></body></html>