Local CRL file for RabbitMQ

[Eoin Kim]

Hi Team,

I have configured a local CRL file for TLS peer verification. I am trying to figure out how to set this up in rabbitmq.conf file.

I've set ssl_options.crl_check = true but I think there should be also a sort of configuration where the RabbitMQ should look at.

Could I please get some help regarding this? Thank you.

Eoin

[Luke Bakken]

Hello Eoin,

TLS CRL files are specified in the certificates themselves, and are fetched via HTTP. This is not specific to RabbitMQ, but it's how CRLs work.

If you search the rabbitmq-users mailing list archives for "CRL" you'll see that I have assisted several users with this in the past. See this message, for instance -

https://groups.google.com/g/rabbitmq-users/c/FEzSCxFnmrQ/m/w9IxzUdSCAAJ

You should be able to get the info you need from this repository - https://github.com/lukebakken/rabbitmq-users-crl-6LjcEo9cn98

Thanks,

Luke

[Eoin Kim]

Hi Luke,

Thanks for your response, no worries.

I understand how PKI works. I just hoped there would be such an option where CRL file can be directly loaded to RabbitMQ instead of using the web service as I saw some applications supporting it.

All good. Thanks again.

Eoin