Does RabbitMQ support a Windows Certificate Store?

[Yusuke Masuda]

Hello,

I'm using RabbitMQ on Windows with MassTransit (http://masstransit-project.com/).

I would like to enable to SSL/TLS to encrypt its communication.

I ensured our program enabled SSL/TLS with a certificate file.

Now I would like to use a certificate within the Windows certificate store.

But I couldn't find any information out.

Does RabbitMQ support a windows certificate store?

I found a post below.

https://stackoverflow.com/questions/44612885/rabbitmq-storing-ssl-certificate-in-windows-certificate-store

It says that RabbitMQ doesn't support the windows certificate store because Erlang doesn't support.

Is it not to support yet? 

Does RabbitMQ have any plan to support it?

Thank you.

Yusuke

[Michael Klishin]

RabbitMQ does not implement TLS, Erlang/OTP does. RabbitMQ has an alternative certificate trust store plugin, rabbitmq-trust-store, so a similar approach could be applied to support the Windows certificate store but it’s not something on our roadmap. The right place for that feature in my opinion is Erlang/OTP’s TLS libraries.

RabbitMQ .NET client should be able to use any certificate trust store available to .NET libraries.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Yusuke Masuda]

Hi, Michael,

Thank you for very quick response.

I understand it depends on erlang implementation.

I will check the erlang community.

Also I will check the rabbitmq-trust-store plugin.

Thanks,

Yusuke

[Yusuke Masuda]

Hi,

I took a look the rabbitmq-trust-store, but it was not what I wanted.

I need to store a certificate safely in our computer.

The plugin serves 2 types of provider, file and http.

Both of them allow a certificate saving as a simple file.

I thought that they don't meet our requirement.

Anyway, I appreciate Michael to give the advice.

Thanks,

Yusuke

[Michael Klishin]

I wasn't necessarily suggesting that plugin. It's just an example that a pretty different mechanism

from what the standard Erlang TLS libraries have can be implemented.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ