[rabbitmq-discuss] RabbitMQ .Net Client connecting without a passphrase

Matthias Radestock matthias at rabbitmq.com
Wed Apr 2 09:05:06 BST 2014


On 01/04/14 13:31, Vinay Nayak wrote:
> We have managed to get an authenticate-authorise with server-client
> certificates set-up on our RabbitMQ server.
> However the fact that in the client code we pass a certificate with a
> key (i.e. p12 file) and a passphrase to connect to the server makes us a
> little uncomfortable.
>
> The fact that we are passing a Passphrase implies that RabbitMQ uses the
> passphrase to decrypt the p12 file, retrieve the key, use the key to get
> the CA details from the certificate and then check if the CA is trusted
> or not; instead of RabbitMQ contacting the CA server to verify the
> certificate presented by the client.
> The above can be absolute bollocks; if it is, can someone please explain
> what goes on under the hood.

I am afraid the above is indeed absolute bollocks :)

The client needs the key for its own certificate, just like the server 
needs the key for its own certificate. That's how PKI works - each party 
needs to know their own key (only). The key is not passed to the other 
party.

Also, there is no such thing as a "CA server"; cert validation is a 
local operation.

Regards,

Matthias.
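To make the "under the hood" part of the answer concrete, here is an added runnable model of TLS client-certificate authentication. It is example code written for this archive page, not code from the RabbitMQ project or the .NET client, and it uses textbook RSA with tiny constructed primes in place of real keys so that it runs offline (all names, primes, the passphrase and the "Corp CA"/"Rogue CA" labels are constructed). The structure is the point: the passphrase only unlocks the client's own key store locally (the role the p12 passphrase plays), the server validates the client certificate against its own local trust store without contacting any CA, and the client proves possession of its private key by signing a server-chosen nonce, so neither the passphrase nor the private key ever crosses the wire.

```python
"""Toy model of mutual-TLS client authentication (added example, not RabbitMQ code).
Textbook RSA with tiny constructed primes; far too small for real use."""
import hashlib
import hmac
import os
from dataclasses import dataclass


def _h(data: bytes, n: int) -> int:
    """Hash a message to an integer below the modulus (toy; real TLS pads the hash)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


@dataclass
class KeyPair:
    n: int
    e: int
    d: int  # private exponent: stays on the owner's machine, never sent

    @classmethod
    def from_primes(cls, p: int, q: int, e: int) -> "KeyPair":
        return cls(p * q, e, pow(e, -1, (p - 1) * (q - 1)))

    def sign(self, data: bytes) -> int:
        return pow(_h(data, self.n), self.d, self.n)


def verify(n: int, e: int, data: bytes, sig: int) -> bool:
    """Check a signature with a public key only; a purely local computation."""
    return pow(sig, e, n) == _h(data, n)


@dataclass
class Certificate:
    subject: str
    n: int          # subject's public key (modulus, exponent)
    e: int
    issuer: str
    signature: int = 0

    def tbs(self) -> bytes:  # the "to be signed" part the CA vouches for
        return f"{self.subject}|{self.n}|{self.e}|{self.issuer}".encode()


def issue_cert(ca_name: str, ca_key: KeyPair, subject: str, pub: KeyPair) -> Certificate:
    cert = Certificate(subject, pub.n, pub.e, ca_name)
    cert.signature = ca_key.sign(cert.tbs())
    return cert


# The "p12": private exponent encrypted and MAC'd under a passphrase-derived key.
def seal_keystore(d: int, passphrase: str, salt: bytes) -> bytes:
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, 32)
    enc = bytes(a ^ b for a, b in zip(d.to_bytes(4, "big"), k[:4]))
    return salt + enc + hmac.new(k[4:], enc, "sha256").digest()


def open_keystore(blob: bytes, passphrase: str) -> int:
    """Unlock the key store locally; a wrong passphrase fails here, before any network I/O."""
    salt, enc, mac = blob[:8], blob[8:12], blob[12:]
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, 32)
    if not hmac.compare_digest(hmac.new(k[4:], enc, "sha256").digest(), mac):
        raise ValueError("bad passphrase: keystore MAC check failed (locally)")
    return int.from_bytes(bytes(a ^ b for a, b in zip(enc, k[:4])), "big")


def run_handshake(cert: Certificate, keystore: bytes, passphrase: str, trust_store: dict) -> dict:
    """Client-auth exchange; `wire` records every message that crosses the network."""
    wire = []
    # Client side: the passphrase is consumed here and goes no further.
    client_key = KeyPair(cert.n, cert.e, open_keystore(keystore, passphrase))
    wire.append(("client->server", "Certificate", cert))
    # Server side: check the CA signature against the local trust store; no CA is contacted.
    ca = trust_store.get(cert.issuer)
    if ca is None or not verify(ca[0], ca[1], cert.tbs(), cert.signature):
        return {"authenticated": False, "reason": "untrusted or forged certificate", "wire": wire}
    nonce = os.urandom(16)
    wire.append(("server->client", "CertificateRequest/nonce", nonce))
    # Client proves it holds the private key matching the certificate's public key.
    proof = client_key.sign(nonce)
    wire.append(("client->server", "CertificateVerify", proof))
    ok = verify(cert.n, cert.e, nonce, proof)
    return {"authenticated": ok, "reason": "ok" if ok else "possession proof failed", "wire": wire}


def build_pki():
    """Constructed toy PKI: one trusted CA, one rogue CA, one client with a sealed key store."""
    ca_key = KeyPair.from_primes(61, 53, 17)
    rogue_key = KeyPair.from_primes(83, 89, 23)
    client_key = KeyPair.from_primes(67, 71, 13)
    cert = issue_cert("Corp CA", ca_key, "rabbit-client", client_key)
    rogue_cert = issue_cert("Rogue CA", rogue_key, "rabbit-client", client_key)
    keystore = seal_keystore(client_key.d, "s3cret", b"saltsalt")
    trust = {"Corp CA": (ca_key.n, ca_key.e)}  # server's local trust store
    return cert, rogue_cert, keystore, trust, client_key.d


if __name__ == "__main__":
    cert, rogue_cert, keystore, trust, _ = build_pki()
    print(run_handshake(cert, keystore, "s3cret", trust)["reason"])        # ok
    print(run_handshake(rogue_cert, keystore, "s3cret", trust)["reason"])  # untrusted or forged certificate
```

Three things to notice when running it: the only object ever appended to `wire` that carries key material is the certificate, which holds the public key; a certificate signed by a CA absent from the server's trust store is rejected after step 1 with no outbound request of any kind; and a wrong passphrase raises inside `open_keystore` on the client before the first message is built, which is exactly why the .NET client needs the passphrase and the broker never does.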
