<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:35586342;
mso-list-type:hybrid;
mso-list-template-ids:-128920268 -842075058 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F06E;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:815417784;
mso-list-type:hybrid;
mso-list-template-ids:1325401990 -458863974 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi Team ,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I have a question regarding SSL connection implementation in RabbitMQ , currently there are three important parameters a RabbitMQ broker needs to enabled SSL connection :<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Root Certificate Chain <o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Server Certificate .<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]>Server private Key .<o:p></o:p></p><p class=MsoNormal><b><i><o:p> </o:p></i></b></p><p class=MsoNormal><b><i>{rabbit, [<o:p></o:p></i></b></p><p class=MsoNormal><b><i> {tcp_listeners, [2000]},<o:p></o:p></i></b></p><p class=MsoNormal><b><i> {loopback_users, []},<o:p></o:p></i></b></p><p class=MsoNormal><b><i> {ssl_listeners, [2001]},<o:p></o:p></i></b></p><p class=MsoNormal><b><i> {ssl_options, [{cacertfile, "/var/opt/rabbitmq-3.3.0/broker-1/CA.pem"},<o:p></o:p></i></b></p><p class=MsoNormal><b><i> <span style='color:red'>{certfile, "/var/opt/rabbitmq-3.3.0/broker-1/cert.pem"},<o:p></o:p></span></i></b></p><p class=MsoNormal><b><i><span style='color:red'> {keyfile, "/var/opt/rabbitmq-3.3.0/broker-1/serverKey.pem"},<o:p></o:p></span></i></b></p><p class=MsoNormal><b><i> {verify, verify_peer},<o:p></o:p></i></b></p><p class=MsoNormal><b><i> {fail_if_no_peer_cert, true}]}<o:p></o:p></i></b></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Question :<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Wingdings'><span style='mso-list:Ignore'>n<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Is it mandatory to have the server certificates and private key configured in RabbitMQ broker ?<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Wingdings'><span style='mso-list:Ignore'>n<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>Can I just have the Root Certificate chain in the RabbitMQ broker ?<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Wingdings'><span style='mso-list:Ignore'>n<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>My requirement is to only have the Client Certificates been verified by the RabbitMQ broker....NOT server certificates verified by the clients …<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-family:Wingdings'><span style='mso-list:Ignore'>n<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>I don’t want to manage the server certificates and private keys ….just manage the Root Certificates …is it possible ?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><span lang=EN-GB style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333'>The Goldman Sachs Group, Inc. All rights reserved</span></b><span lang=EN-GB style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333'>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:8.0pt;font-family:"Arial","sans-serif";color:black'>See </span><span lang=EN-GB style='color:#1F497D'><a href="http://www.gs.com/disclaimer/global_email"><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#316E59'>http://www.gs.com/disclaimer/global_email</span></a></span><span lang=EN-GB style='font-size:8.0pt;font-family:"Arial","sans-serif";color:black'> for important risk disclosures, conflicts of interest and other terms and conditions relating to this e-mail and your reliance on information contained in it. This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See </span><span lang=EN-GB style='color:#1F497D'><a href="http://www.gs.com/disclaimer/email"><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#316E59'>http://www.gs.com/disclaimer/email</span></a></span><span lang=EN-GB style='font-size:8.0pt;font-family:"Arial","sans-serif";color:black'> for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. </span><span lang=EN-GB style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>