SSL Authentication to RabbitMQ


(Shane Eddy) #1

We are trying to get our logstatsh rabbitmq plugin to authenticate to our RabbitMQ instance using PKI credentials. We've updated our logstash-rmq.config file with the following:

HOST=localhost
PORT=5671
VHOST=/logstash
SSL=true
SSLCERTPATH=/etc/pki/nw/node/node.p12
SSLCERTPWD=pwd
EXCHANGE=app.exchange
QUEUE=ls-audit
AUTO_DELETE=true

From our other rabbitMQ clients a similar configuration goes through a mutual SSL authentication and the CN on our identity certificate in the keystore maps to the account in RabbitMQ. For Logstash, it doesn't matter what is in our keystore, Rabbit is authenticating the connection as the Guest user. If we update the configuration to be something like:

HOST=localhost
PORT=5671
VHOST=/logstash
SSL=true
SSLCERTPATH=/etc/pki/nw/node/node.p12
SSLCERTPWD=pwd
EXCHANGE=app.exchange
QUEUE=ls-audit
AUTO_DELETE=true
USER=logstashpkiuser

then we get an error because there is no password set. Is it possible to configure the plugin to use the identity in the keystore to authenticate to rabbit or is the SSL configuration simply intended to provide transport encryption not authentication?


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.