1
votes

I have written client/server apps on .NET which authenticate against RabbitMQ using username/password/server.

Our security team suggested changing this to certificate authentication. I have searched the RabbitMQ site and forums but could not locate a solution.

How do I install and configure certificates in the .NET client and server components (and/or machines) for authentication? What parameters are needed to create a connection in this scenario? Can anyone please point to the right resource or example, if any? Thanks

1 Answer

6
votes

On the broker side

The RabbitMQ server is provided with a plugin called rabbitmq-auth-mechanism-ssl which allows you to authenticate users based on client certificates. I consider that the broker is already configured to accept TLS connections. If that's not the case already, you should follow the documentation about TLS on the RabbitMQ website.

To configure the plugin, there are two steps you must follow:

  1. You need to enable the plugin:

    rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl
    
  2. You need to add the new authentication method to the accepted methods in the broker's configuration file (usually /etc/rabbitmq/rabbitmq.conf on Unix for instance). See the rabbitmq-auth-mechanism-ssl's README.md for some examples.

When this is done, you need to restart the broker for the new configuration to be active.

On the client side

The documentation about TLS I mentioned above gives examples for several client libraries, including the .NET one. You will find source code and commands.
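
A check for step 2 of the broker configuration above, as an added example that is not part of the original answer or of the plugin's own code: it audits a rabbitmq.conf for the settings that client-certificate login depends on, and flags password mechanisms that are still accepted alongside EXTERNAL. The two sample configs, their file paths and the finding messages are constructed; the keys checked (auth_mechanisms.N, ssl_options.verify, ssl_options.fail_if_no_peer_cert, listeners.ssl.*) are standard rabbitmq.conf settings.

```python
WEAK_CONF = """\
# constructed sample: plugin enabled, configuration left half-done
listeners.ssl.default = 5671
ssl_options.cacertfile = /path/to/ca_certificate.pem
ssl_options.verify = verify_none
auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
auth_mechanisms.3 = EXTERNAL
"""

CERT_ONLY_CONF = """\
# constructed sample: a client certificate is the only accepted credential
listeners.ssl.default = 5671
ssl_options.cacertfile = /path/to/ca_certificate.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
auth_mechanisms.1 = EXTERNAL
"""

def parse_conf(text):
    """Return {key: value} for 'key = value' lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means cert-only login is enforced."""
    conf = parse_conf(text)
    mechs = {v.upper() for k, v in conf.items() if k.startswith("auth_mechanisms.")}
    findings = []
    if "EXTERNAL" not in mechs:
        findings.append("EXTERNAL not listed in auth_mechanisms")
    for mech in sorted(mechs - {"EXTERNAL"}):
        findings.append(f"{mech} still accepted: password logins remain possible")
    if conf.get("ssl_options.verify") != "verify_peer":
        findings.append("ssl_options.verify is not verify_peer")
    if conf.get("ssl_options.fail_if_no_peer_cert") != "true":
        findings.append("ssl_options.fail_if_no_peer_cert is not true")
    if not any(k.startswith("listeners.ssl.") for k in conf):
        findings.append("no TLS listener configured")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_CONF), ("cert-only", CERT_ONLY_CONF)):
        print(name, audit(sample) or "OK")
```

To audit a real broker, pass the contents of its configuration file to `audit()` instead of the embedded samples.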