Use a certificate as authentication

nservicebus
rabbitmq

(Xavier Steffen) #1

Hello,

I’ve tried to connect to RabbitMQ through NServiceBus using only a certificate (the target is to avoid the use of username/password). Based on what I’ve found in the documentation, I wrote the following connection string:

It seems that NServiceBus submits guest as the username when nothing is supplied:
2019-04-02 16:50:20.039 [error] <0.10575.167> Error on AMQP connection <0.10575.167> (IPSTUFFREMOVED, state: starting):
PLAIN login refused: user ‘guest’ can only connect via localhost

Is it possible to connect using only a certificate? If yes, do you have documentation about the way of doing it?

Regards,

Xav


(Brandon Ording) #2

If you want to use the certificate for authentication, you have to call the API that sets that up:

https://docs.particular.net/transports/rabbitmq/connection-settings#transport-layer-security-support-external-authentication


(Xavier Steffen) #3

It works perfectly! Many thanks.

I need to set the certificate from a store. Via the code it’s easy, but I wonder if there is a way to specify it in the connection string?

//Testing code
// Requires: using System.Security.Cryptography.X509Certificates;
// Open the CurrentUser personal store read-only; disposing the store closes it again.
using (X509Store store = new X509Store(StoreLocation.CurrentUser))
{
    store.Open(OpenFlags.ReadOnly);

    foreach (X509Certificate2 x509 in store.Certificates)
    {
        // Pick the first certificate whose friendly name matches.
        if (x509.FriendlyName.Contains("InvoiceGen"))
        {
            // Authenticate with the TLS client certificate instead of username/password.
            transport.UseExternalAuthMechanism();
            transport.SetClientCertificates(new X509CertificateCollection(new[] {x509}));
            break;
        }
    }
}

(Brandon Ording) #4

The connection string options only work if you have a certificate file on disk that you want to use. If you need to read it from a store, you’ll need to do it from code like your example code shows.