There are two levels of authentication that can happen.

* TLS Handshake

  For simple TLS the broker must present a certificate that is signed by a certificate authority (CA) that the client trusts.

* TLS Handshake with Client Certificate Request

  The broker must always send a certificate to the client to start the secure channel with the TLS Handshake. Using a client certificate request, the broker can demand that the client authenticate itself by returning a certificate to the broker. The client's identity is securely embedded in the client certificate, and by carefully controlling who gets the client certificates a system administrator may control who gets access to resources in the broker. This is useful for messaging environments where the broker must confirm the identity of the client with stronger authentication than just a username and password.

In your case, if you are connecting to a broker using TLS/SSL and the broker does not require client certificates, then you do not need the client certificates from the example. If the broker requires client certificates, then your client must use certificates that the broker will accept. It is unlikely that any external setup will accept the certificates from the qpid-proton examples.

----- Original Message -----
> From: "Mani" <[email protected]>
> To: [email protected]
> Sent: Wednesday, December 20, 2017 10:20:39 PM
> Subject: Qpid Proton: making ssl connection
>
> I need some basic help to understand better. I have two questions:
>
> 1) In order to make ssl connection, is it necessary to configure ssl
> certificate and private key within the code. Wouldn't just changing the port
> to 5671, having username and password, and adding amqps work?
>
> 2) I implemented this example:
> https://github.com/apache/qpid-proton/blob/master/examples/cpp/ssl.cpp
>
> It works very well. I was wondering, for testing purposes, if I replace the
> default address (which is 127.0.01 in the code) with the address of the site
> I need to get through, do I need to generate another set of self-signed
> certificates or can I use the ones already in proton folder (ssl_certs)?
> Forgive my ignorance for I just started looking into ssl and couldn't find a
> clear answer on this.
>
> Thanks,
> Mani
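The two authentication levels described in the reply, as an added example that is not part of the original thread and does not use Qpid Proton: it uses Python's standard `ssl` module to run the handshakes in memory. It assumes the `openssl` command-line tool is installed to generate throwaway self-signed certificates; the names `broker.example` and `client.example` and all function names are constructed for the illustration.

```python
import contextlib, os, ssl, subprocess, tempfile

def make_cert(directory, name):
    """Self-signed certificate and key from the openssl CLI (constructed test data)."""
    crt, key = (os.path.join(directory, name + ext) for ext in (".crt", ".key"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=" + name, "-addext", "subjectAltName=DNS:" + name,
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def make_ctx(server, trust=None, cert=None):  # trust: CA file; cert: (cert, key) to present
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server else ssl.PROTOCOL_TLS_CLIENT)
    if cert:
        ctx.load_cert_chain(*cert)
    if trust:
        ctx.verify_mode = ssl.CERT_REQUIRED   # on a broker: demand a client certificate
        ctx.load_verify_locations(trust)
    return ctx

def handshake(broker_ctx, client_ctx, hostname="broker.example"):
    """Run the TLS handshake in memory; True only if both sides complete it."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    broker = broker_ctx.wrap_bio(s_in, s_out, server_side=True)
    try:
        for _ in range(10):
            done = 0
            for side in (client, broker):
                with contextlib.suppress(ssl.SSLWantReadError):  # waiting for peer bytes
                    side.do_handshake()
                    done += 1
            s_in.write(c_out.read())          # client -> broker
            c_in.write(s_out.read())          # broker -> client
            if done == 2:
                return True
    except ssl.SSLError:                      # certificate missing or not trusted
        pass
    return False

def demo():
    with tempfile.TemporaryDirectory() as d:
        broker, client = make_cert(d, "broker.example"), make_cert(d, "client.example")
        no_cert = make_ctx(False, trust=broker[0])               # trust store only
        with_cert = make_ctx(False, trust=broker[0], cert=client)
        return {
            "tls_only": handshake(make_ctx(True, cert=broker), no_cert),
            "required_none_sent": handshake(make_ctx(True, client[0], broker), no_cert),
            "required_trusted": handshake(make_ctx(True, client[0], broker), with_cert),
            "required_untrusted": handshake(make_ctx(True, broker[0], broker), with_cert),
        }
```

The last case models a broker whose trust store does not contain the client's certificate, which is the situation the reply describes for the example certificates against an external setup.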
