TLS without client certificate


Jim Talbut

Nov 3, 2021, 5:17:38 AM
to rabbitmq-users
Hi,
With the Java client, is it possible to connect to RabbitMQ using TLS without using any kind of client certificate?
If so, how?

I can't find any examples that demonstrate doing so and my attempts just result in errors.

Thanks

Yonghua Peng

Nov 3, 2021, 6:32:52 AM
to rabbitm...@googlegroups.com
You can't. When you install the ssl library it will install the default SSL certificates from the big CA.

Regards.


Arnaud Cogoluègnes

Nov 3, 2021, 10:04:21 AM
to rabbitmq-users
It is possible, you have to pass null to the first argument of SSLContext.init(). Make sure to configure the server appropriately (ssl_options.verify = verify_peer, ssl_options.fail_if_no_peer_cert = false).

Note this is OK for a development environment, but make sure this is appropriate for your production environment.
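
The setup described in the reply above, written out as an added example (not code from the thread or from the RabbitMQ project): the client validates the broker's certificate and hostname but presents no certificate of its own. The class name, the command-line arguments and the trust store file are assumptions; it needs the amqp-client library and Java 11 or later.

```java
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;

import java.io.File;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: server-authenticated TLS only, the client presents no certificate.
// Broker side, as given in the reply above:
//   ssl_options.verify = verify_peer
//   ssl_options.fail_if_no_peer_cert = false
public class TlsWithoutClientCert {

    // Builds a context that validates the broker's chain against trustStore
    // and holds no key material of its own.
    static SSLContext serverAuthOnlyContext(File trustStore, char[] password) throws Exception {
        // Java 9+: detects JKS or PKCS12 from the file contents.
        KeyStore tks = KeyStore.getInstance(trustStore, password);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(tks);

        SSLContext ctx = SSLContext.getInstance("TLSv1.3"); // Java 11+
        // First argument null: no KeyManager, so there is no client certificate to send.
        // Second argument: the trust managers that authenticate the broker; keep these
        // even though the client itself is not authenticated by certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (all values are placeholders):
    //   java TlsWithoutClientCert <host> <truststore-file> <truststore-password>
    public static void main(String[] args) throws Exception {
        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost(args[0]);
        factory.setPort(5671);
        factory.useSslProtocol(serverAuthOnlyContext(new File(args[1]), args[2].toCharArray()));
        // Also check that the certificate was issued for args[0], not just by a trusted CA.
        factory.enableHostnameVerification();

        try (Connection conn = factory.newConnection()) {
            System.out.println("TLS connection open, client certificate: none");
        }
    }
}
```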

Jim Talbut

Nov 3, 2021, 10:10:51 AM
to rabbitmq-users
Thank you.
That's working now - I thought I was getting errors when I tried that earlier, turns out the errors were from elsewhere.

What I still can't get working is SSL with NIO: if I enable NIO, it hangs in the call to connect.

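  // JUnit and logger imports depend on the test setup and are omitted here.
  import java.io.InputStream;
  import java.security.KeyStore;
  import javax.net.ssl.SSLContext;
  import javax.net.ssl.TrustManagerFactory;
  import com.rabbitmq.client.Connection;
  import com.rabbitmq.client.ConnectionFactory;

  @Test
  public void testSsl() throws Throwable {

    // Trust store holding the certificate(s) used to verify the broker.
    char[] trustPassphrase = "password".toCharArray();
    KeyStore tks = KeyStore.getInstance("JKS");
    try (InputStream trustKeyStoreStream =
        this.getClass().getResourceAsStream("/ssl-server/localhost-test-rabbit-store")) {
      tks.load(trustKeyStoreStream, trustPassphrase);
    }

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(tks);

    // Null first argument: no KeyManager, so no client certificate is presented.
    SSLContext c = SSLContext.getInstance("TLSv1.3");
    c.init(null, tmf.getTrustManagers(), null);

    ConnectionFactory factory = new ConnectionFactory();
    factory.setHost("localhost");
    factory.setPort(5671);
    // NIO mode: the setting reported to make newConnection() hang.
    factory.useNio();
    factory.useSslProtocol(c);

    Connection conn = factory.newConnection();
    assertNotNull(conn);
    conn.close();
    logger.info("Connected");

  }

That test passes if I remove the call to useNio().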

Is that a known issue?

Thanks again.
