rabbitmq, rabbitmq-management

Is it possible to use certificate based authentication for the rabbitmq-management plugin?


We are using the rabbitmq-management REST API for different operations on the rabbitmq's entities (queues/exchanges). The standard authentication by login/password works fine, but for some reasons we would like to use password-less authentication (based on ssl certificates). According to the documentation (https://www.rabbitmq.com/management.html) it looks like there is that possibility.

But if we try to configure the plugin:

advanced.config

{rabbitmq_management,
  [{listener, [{port,     15671},
               {ssl,      true},
               {ssl_opts, [{cacertfile, "c:/Services/certs/cacert.pem"},
                           {certfile,   "c:/Services/certs/cert.pem"},
                           {keyfile,    "c:/Services/certs/key.pem"}]}
              ]}
  ]
}

Our client's .NET app

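public async Task<HttpResponseMessage> Foo(string url, X509Certificate clientCert)
{
    // Attach the client certificate so it can be presented during the TLS handshake.
    var handler = new HttpClientHandler();
    handler.ClientCertificates.Add(clientCert);

    _httpClient = new HttpClient(handler);

    // Only the certificate is supplied here; no username/password is sent.
    var result = await _httpClient.GetAsync(url);
    return result;
}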

We get the following (Fiddler session):

  1. | Tunnel to | HTTP/1.1 200 Connection Established (A SSLv3-compatible ClientHello handshake was found)
  2. | HostName | HTTP/1.1 401 Unauthorized

Is it possible to use certificate based authentication for the rabbitmq-management plugin? If yes, could someone give any samples or a documentation link for what we have to do?


Solution

  • I recently answered this question on the rabbitmq-users mailing list: link.

    The short answer is that you can configure the server to require a client certificate and validate that it was signed by a trusted root cert, but you will still have to provide a username and password - the user won't be extracted from the certificate.
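
The server-side half of this answer, as an added example (not from the original post or the mailing-list reply): the question's listener with the two standard Erlang `ssl` options that make the listener request a client certificate and reject connections that do not present one. The certificate paths are reused from the question, and the outer `[ ... ].` is the usual advanced.config wrapper, assumed here because the question shows only the inner term.

```erlang
%% advanced.config (added example, paths taken from the question)
[
  {rabbitmq_management,
    [{listener, [{port,     15671},
                 {ssl,      true},
                 {ssl_opts, [%% CA bundle used to validate client certificates
                             {cacertfile, "c:/Services/certs/cacert.pem"},
                             %% Server certificate and private key
                             {certfile,   "c:/Services/certs/cert.pem"},
                             {keyfile,    "c:/Services/certs/key.pem"},
                             %% Request a client certificate and verify its chain
                             {verify,               verify_peer},
                             %% Abort the handshake if no certificate is presented
                             {fail_if_no_peer_cert, true}]}
                ]}
    ]}
].
```

With these options the TLS handshake fails for clients without a certificate signed by the trusted CA. As the answer states, each request must still carry a username and password, because the management plugin does not take the user from the certificate.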