Here I have put fail_if_no_peer_cert as true to enable the client certificate verification. I have 2 MQTTS ports which are 1884 and 2500. I just want to enable this peer verification only to the port 1884. Port 2500 I want to use as one way SSL with fail_if_no_peer_cert as false.
Is there a way to do this in rabbitmq.config?
following is my rabbitmq.config file
[
{
rabbit, [
{ loopback_users, [ ] },
{ tcp_listeners, [ 5672 ] },
{ ssl_listeners, [ ] },
{ ssl_options, [{cacertfile,"/home/akila/test/tls-gen/basic/result/ca_certificate.pem"},
{certfile,"/home/akila/test/tls-gen/basic/result/server_certificate.pem"},
{keyfile,"/home/akila/test/tls-gen/basic/result/server_key.pem"},
{versions, ['tlsv1.2', 'tlsv1.1']},
{verify,verify_peer},
{fail_if_no_peer_cert,true}]},
{ hipe_compile, false },
{ auth_backends, [rabbit_auth_backend_internal,rabbit_auth_backend_http]}
]
},
{rabbitmq_management, [
{ listener, [
{ port, 15672 },
{ ssl, false }
] } ]
},
{rabbitmq_mqtt, [
{ssl_listeners, [1884,2500]},
{tcp_listeners, [1883]}
]}
].
It is not possible to specify per-port TLS settings for the MQTT plugin at this time -
https://groups.google.com/d/msg/rabbitmq-users/a7PKyo3tRHc/s-KiaBgSBAAJ