[rabbitmq-discuss] Broker accepts self-signed client certificate in verify_peer mode

jiri at krutil.com jiri at krutil.com
Wed Aug 11 07:41:06 BST 2010


Hi

Could anyone help with this issue please?

Any tips or experience would be greatly appreciated.

Many thanks
Jiri


> When experimenting with SSL connections to RabbitMQ, I came across a  
> very strange thing.
>
> The RabbitMQ server is configured to require a client certificate  
> and verify the chain of trust (see rabbitmq.config below). I'm using  
> my own CA that has a self-signed certificate. This is the only  
> trusted root CA certificate I'm using.
>
> RabbitMQ correctly accepts client certificates signed by my CA. But  
> it also accepts self-signed client certificates, which I think is  
> incorrect. I believe a self-signed client certificate should be  
> rejected because there is no chain of trust to the root CA  
> certificate.
>
> I did not find anything helpful in the RabbitMQ logs. Am I doing  
> something wrong?
>
> I'm using RabbitMQ server 1.8.1, Erlang R13B03 and new_ssl 3.10.7.
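
Added example (not part of the original post and not RabbitMQ code): the expectation stated in the quoted message, reproduced offline with the openssl CLI. It builds a constructed throwaway CA, one client certificate issued by that CA and one self-signed client certificate, then checks each against a trust store holding only the CA; all subject names, file names and function names are assumptions.

```bash
#!/usr/bin/env bash
# Constructed throwaway PKI; every subject name and file name here is made up.

make_test_pki() {   # $1 = output directory
  local d="$1"
  # Root CA with a self-signed certificate: the only trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Client certificate issued (signed) by that CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=client-issued-by-ca" \
    -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/good.pem" 2>/dev/null || return 1
  # Client certificate that signs itself; it has no path to the CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client-self-signed" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to a certificate in trust store $1.
chain_ok() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

PKI_DIR="$(mktemp -d)"
trap 'rm -rf "$PKI_DIR"' EXIT
make_test_pki "$PKI_DIR" || { echo "openssl failed to build the test PKI" >&2; exit 1; }

for c in good self; do
  if chain_ok "$PKI_DIR/ca.pem" "$PKI_DIR/$c.pem"; then
    echo "$c.pem: accepted (chains to the CA)"
  else
    echo "$c.pem: rejected (no chain of trust to the CA)"
  fi
done
```

The same two certificate/key pairs can be presented to a broker you operate to confirm its verify_peer behaviour: good.pem should be accepted and self.pem refused.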


