Crypto com authenticator

Comment

Author: Admin | 2025-04-28

Hi @michaelklishin @mkuratczyk, thanks for all your input, and apologies for not providing enough info earlier. I have downgraded RabbitMQ to 3.13.7 and Erlang to 26.0; I am no longer seeing those errors and everything is working as expected. I have created server and client authentication SSL certs using The Network Device Enrolment Service (NDES) and deployed and configured them the same way as in https://weblogs.asp.net/jeffreyabecker/Using-SSL-client-certificates-for-authentication-with-RabbitMQ. Here are my sample configs:

rabbit.conf:

```ini
# NOTE(review): the key auth_backends.1 is assigned twice; a second backend is normally auth_backends.2.
auth_backends.1 = ldap
auth_backends.1 = internal
management.http_log_dir = /var/log/rabbitmq
log.dir = /var/log/rabbitmq
log.file = rabbit.log
log.file.level = info
log.exchange = true
log.exchange.level = info
log.exchange.formatter = json
```

advanced.config:

```erlang
[
 {ssl, [ {versions, ['tlsv1.2']} ]},
 {rabbit, [
   {ssl_listeners, [5671]},
   {ssl_options, [{cacertfile, "/etc/pki/tls/certs/MyCA.pem"},
                  {certfile, "/etc/pki/tls/certs/server.pem"},
                  {keyfile, "/etc/pki/tls/private/server.key"},
                  %% NOTE(review): the private-key password is stored in clear text here; restrict
                  %% read access to this file, or use RabbitMQ's encrypted config values.
                  {password, "t0p$3kRe7"},
                  {versions, ['tlsv1.2']},
                  {ciphers, [{ecdhe_ecdsa,aes_256_gcm,aead,sha384},
                             {ecdhe_rsa,aes_256_gcm,aead,sha384},
                             {ecdh_ecdsa,aes_256_gcm,aead,sha384},
                             {dhe_rsa,aes_256_gcm,aead,sha384},
                             {dhe_dss,aes_256_gcm,aead,sha384} ]},
                  {honor_cipher_order, true},
                  {honor_ecc_order, true},
                  %% NOTE(review): with verify_none and fail_if_no_peer_cert false the listener does
                  %% not request or validate a client certificate, so this is server-side TLS only.
                  %% Certificate-based client authentication needs {verify, verify_peer} and
                  %% {fail_if_no_peer_cert, true}.
                  {verify, verify_none},
                  {fail_if_no_peer_cert, false}]}
 ]}
 %% NOTE(review): the brackets as posted do not appear to balance at this point (extra "]}"); kept as posted.
 ]},
 %% NOTE(review): the management plugin's application name is rabbitmq_management; confirm that a
 %% section named rabbit_management is actually applied.
 {rabbit_management, [
   {listeners, [{port, 15671},
                {ssl, true},
                {ssl_opts, [{cacertfile, "/etc/pki/tls/certs/MyCA.pem"},
                            {certfile, "/etc/pki/tls/certs/server.pem"},
                            {keyfile, "/etc/pki/tls/private/server.key"},
                            {password, "t0p$3kRe7"},
                            {versions, ['tlsv1.2']},
                            {verify, verify_none},
                            {fail_if_no_peer_cert, false},
                            {client_renegotiate, false},
                            {secure_renegotiate, true} ]} ]}
 ]},
 {rabbitmq_auth_backend_ldap, [
   {servers, ["ldap.eng.megacorp.local", "192.168.0.100"]},
   %% NOTE(review): neither use_ssl nor use_starttls is set in this section, so LDAP binds
   %% presumably travel unencrypted; confirm.
   {port, 6389},
   {log, true},
   {connection_pool_size, 64},
   {idle_timeout, 120000},
   {group_lookup_base, "[group-dn, e.g. OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]"},
   %% NOTE(review): vhost_access_query appears twice; only one entry is likely to take effect.
   %% Verify which one, or combine the two groups in a single query.
   {vhost_access_query, { in_group, "[admin-group-dn, e.g. CN=RabbitMQAdmins,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]" } },
   {vhost_access_query, { in_group, "[user-group-dn, e.g. CN=RabbitMQUsers,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]" } },
   {resource_access_query, { for, [
     {permission, configure, {in_group, "[admin-group-dn, e.g. CN=RabbitMQAdmins,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]"}},
     {permission, write, {in_group, "[admin-group-dn, e.g. CN=RabbitMQAdmins,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]"}},
     {permission, read, {in_group, "[user-group-dn, e.g. CN=RabbitMQUsers,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]"}} ]} },
   {tag_queries, [
     {administrator, { in_group, "[admin-group-dn, e.g. CN=RabbitMQAdmins,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]" }},
     {monitoring, { in_group, "[user-group-dn, e.g. CN=RabbitMQUsers,OU=SecurityGroups,OU=UserAccounts,DC=gopivotal,DC=com]", "uniqueMember" }},
     %% NOTE(review): {constant, true} gives the management tag to every user who authenticates
     %% through LDAP.
     {management, { constant, true }} ]}
 ]}
].
```

Please let me know if you need any additional info from me.
