[rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate

Michael Klishin mklishin at pivotal.io
Thu Jul 31 07:02:46 BST 2014


On 31 July 2014 at 09:59:23, Ankur5 C (ankur5.c at tcs.com) wrote:
> > Would request you to please let me know how one can instruct rabbitmq
> to not verify peer and use the one connect without validating certificates?
>  
> My config file:
>  
> [{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]},  
> {ssl_options, [{cacertfile,"/etc/rabbitmq/testca/cacert.pem"},  
> {certfile,"/etc/rabbitmq/server/cert.pem"},
> {keyfile,"/etc/rabbitmq/server/key.pem"},
> {verify,verify_none},
> {fail_if_no_peer_cert,false}]}]}
> ].

This is all you need.

This line
{verify,verify_none},

means "perform no peer verification" (don't check that the client
is who it claims to be), while

{fail_if_no_peer_cert,false}

means "don't even bother checking if the client has a certificate".

With this configuration

factory.setPort(5671);
factory.useSslProtocol();

is all you need to do in the Java client to make it use TLS (technically, SSLv3). 
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ

