[rabbitmq-discuss] SSL connection

Ojha, Ashish Ashish.Ojha at gs.com
Mon Aug 25 08:43:24 BST 2014

Hi Team ,

I have a question regarding SSL connection implementation in RabbitMQ , currently there are three important parameters a RabbitMQ broker needs to enabled SSL connection :

-          Root Certificate Chain

-          Server Certificate .

-          Server private Key .

{rabbit, [
        {tcp_listeners, [2000]},
        {loopback_users, []},
        {ssl_listeners, [2001]},
        {ssl_options, [{cacertfile, "/var/opt/rabbitmq-3.3.0/broker-1/CA.pem"},
                  {certfile, "/var/opt/rabbitmq-3.3.0/broker-1/cert.pem"},
                  {keyfile, "/var/opt/rabbitmq-3.3.0/broker-1/serverKey.pem"},
                  {verify, verify_peer},
                  {fail_if_no_peer_cert, true}]}

Question :

n  Is it mandatory to have the server certificates and private key configured in RabbitMQ broker ?

n  Can I just have the Root Certificate chain in the RabbitMQ broker  ?

n  My requirement is to only have the Client Certificates been verified by the RabbitMQ broker....NOT server certificates verified by the clients ...

n  I don't want to manage the server certificates and private keys ....just manage the Root Certificates ...is it possible ?

The Goldman Sachs Group, Inc. All rights reserved.
See http://www.gs.com/disclaimer/global_email for important risk disclosures, conflicts of interest and other terms and conditions relating to this e-mail and your reliance on information contained in it.  This message may contain confidential or privileged information.  If you are not the intended recipient, please advise us immediately and delete this message.  See http://www.gs.com/disclaimer/email for further information on confidentiality and the risks of non-secure electronic communication.  If you cannot access these links, please notify us by reply message and we will send the contents to you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140825/c5b3b21f/attachment.html>

More information about the rabbitmq-discuss mailing list