rabbitmq how to set peer certificate verification for some specific mqtts ports only?


Akila Wickey

Apr 25, 2020, 10:58:11 AM
to rabbitmq-users

Here I have put fail_if_no_peer_cert as true to enable the client certificate verification. I have 2 MQTTS ports which are 1884 and 2500. I just want to enable this peer verification only to the port 1884. Port 2500 I want to use as one way SSL with fail_if_no_peer_cert as false.

Is there a way to do this in rabbitmq.config?



Following is my rabbitmq.config file:


[
  {rabbit, [
    {loopback_users, []},
    {tcp_listeners, [5672]},
    {ssl_listeners, []},
    {ssl_options, [
      {cacertfile, "/home/akila/test/tls-gen/basic/result/ca_certificate.pem"},
      {certfile, "/home/akila/test/tls-gen/basic/result/server_certificate.pem"},
      {keyfile, "/home/akila/test/tls-gen/basic/result/server_key.pem"},
      {versions, ['tlsv1.2', 'tlsv1.1']},
      {verify, verify_peer},
      {fail_if_no_peer_cert, true}
    ]},
    {hipe_compile, false},
    {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_http]}
  ]},
  {rabbitmq_management, [
    {listener, [
      {port, 15672},
      {ssl, false}
    ]}
  ]},
  {rabbitmq_mqtt, [
    {ssl_listeners, [1884, 2500]},
    {tcp_listeners, [1883]}
  ]}
].


Luke Bakken

Apr 27, 2020, 10:09:45 AM
to rabbitmq-users
Hello,

At this time all TLS ports for MQTT use the same settings. I will make a note that at least one person has requested different behavior.

Thanks,
Luke

Akila Wickey

Apr 28, 2020, 12:21:37 AM
to rabbitmq-users
Thank you very much, Luke. I actually wanted to know whether this feature is currently available or not.