[rabbitmq-discuss] Create an encrypted SSL connection without having to verify certificate
Michael Klishin
mklishin at gopivotal.com
Thu Jul 31 09:15:33 BST 2014
On 31 July 2014 at 10:11:19, Ankur5 C (ankur5.c at tcs.com) wrote:
> > [{rabbit, [{tcp_listeners, [5672]},{ssl_listeners, [5671]},
> {ssl_options, [{verify,verify_none},
> {fail_if_no_peer_cert,false}]}]}
> ].
You must provide server CA/key/certificate files. The example on
http://www.rabbitmq.com/ssl.html is pretty indicative of that:
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},
                    {certfile,"/path/to/server/cert.pem"},
                    {keyfile,"/path/to/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].
and there are no examples that configure RabbitMQ to use TLS but do not specify
CA/key/certificate files.
Please spend some time learning the basics of TLS. It really doesn't make much
sense if neither peer has a certificate/key pair.
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
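
The following configuration is an added example, not part of the original message or the RabbitMQ documentation. It combines the listeners from the quoted question with the server CA/key/certificate files the reply says must be provided, so the broker offers TLS without requesting a client certificate; the paths are the placeholder paths used in the reply.

```erlang
%% rabbitmq.config (Erlang-term format) -- added example.
[
  {rabbit, [
    {tcp_listeners, [5672]},
    {ssl_listeners, [5671]},
    {ssl_options, [
      %% Server-side CA/certificate/key files, as the reply requires.
      %% Placeholder paths; point them at your own PEM files.
      {cacertfile, "/path/to/testca/cacert.pem"},
      {certfile,   "/path/to/server/cert.pem"},
      {keyfile,    "/path/to/server/key.pem"},

      %% The broker does not verify a client certificate and accepts
      %% clients that present none. Traffic is encrypted, but clients
      %% are not authenticated by certificate.
      {verify, verify_none},
      {fail_if_no_peer_cert, false}

      %% Stricter alternative (mutual TLS): replace the two lines above
      %% with the following so that clients must present a certificate
      %% that chains to cacertfile.
      %% {verify, verify_peer},
      %% {fail_if_no_peer_cert, true}
    ]}
  ]}
].
```

With `verify_none` on the broker, protection against an impersonated server depends on each client validating the broker's certificate against the CA on its own side.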