[rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate

Michael Klishin mklishin at gopivotal.com
Thu Jul 31 09:15:33 BST 2014

On 31 July 2014 at 10:11:19, Ankur5 C (ankur5.c at tcs.com) wrote:
> > [{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]},  
> {ssl_options, [{verify,verify_none},
> {fail_if_no_peer_cert,false}]}]}
> ].

You must provide server CA/key/certificate files. There example on
http://www.rabbitmq.com/ssl.html is pretty indicative of that:

  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},

and there are no examples that configure RabbitMQ to use TLS but do not specify
CA/key/certificate files.

Please spend some time learning the basics of TLS. It really doesn't make much
sense if neither peer has a certificate/key pair. 

Staff Software Engineer, Pivotal/RabbitMQ

More information about the rabbitmq-discuss mailing list