rabbitmq/tls-gen rabbitmq/tls-gen

  • Stars
    star
    362
  • Rank 117,654 (Top 3 %)
  • Language
    Python
  • License
    Mozilla Public Li...
  • Created over 11 years ago
  • Updated 6 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
rabbitmq/tls-gen
github

rabbitmq

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generates self-signed x509/TLS/SSL certificates useful for development

TLS (SSL, x.509) Certificate Generator

tls-gen is an OpenSSL-based tool that generates self-signed x.509 certificates that are meant to be used in development and QA environments.

The project is originally extracted from a number of RabbitMQ test suites.

What It Does

tls-gen generates a self-signed Certificate Authority (CA) certificate and two or more pairs of keys: client and server, all with a single command.

It supports more than one profile that generates certificate chains of different length and "shape".

Private keys can be generated using RSA as well as ECC.

Prerequisites

tls-gen requires

  • openssl
  • Python 3.6 or later in PATH as python3 (older versions are not supported)
  • make
  • hostname

Usage

Certificate authorities (CAs) and certificates can form chains. tls-gen provides several "profiles" that produce different kinds of certificate chains:

  • Profile 1: a root CA with leaf certificate/key pairs signed by it
  • Profile 2: a root CA with multiple shared intermediary certificates and leaf pairs signed by the intermediaries
  • Profile 3: a root CA with two intermediary certificates (one for server, one for client) and leaf pairs signed by the intermediaries

Each profile has a sub-directory in repository root. All profiles use the same make targets and directory layouts that are as close as possible.

Profile 1 (Basic Profile)

To generate a CA, client and server private key/certificate pairs, run make from the basic profile directory with the PASSWORD variable providing the passphrase:

cd [path to tls-gen repository]/basic
# pass a private key password using the PASSWORD variable if needed
make

## copy or move files to use hostname-neutral filenames
## such as client_certificate.pem and client_key.pem,
## this step is optional
# make alias-leaf-artifacts

# results will be under the ./result directory
ls -lha ./result

Generated CA certificate as well as client and server certificate and private keys will be under the result directory. Their names will include hostnames. To use "host-neutral" names such as client_certificate.pem and client_key.pem, use

make alias-leaf-artifacts

It is possible to use ECC for leaf keys:

cd [path to tls-gen repository]/basic
# pass a private key password using the PASSWORD variable if needed
make USE_ECC=true ECC_CURVE="prime256v1"
# results will be under the ./result directory
ls -lha ./result

The list of available curves can be obtained with

openssl ecparam -list_curves

Profile 2 (Shared Chained Certificates)

To generate a root CA, 2 shared intermediate CAs, client and server key/certificate pairs, run make from the two_shared_intermediates directory:

# pass a private key password using the PASSWORD variable if needed
make
# results will be under the ./result directory
ls -lha ./result

It is possible to use ECC for intermediate and leaf keys:

make USE_ECC=true ECC_CURVE="prime256v1"
# results will be under the ./result directory
ls -lha ./result

The list of available curves can be obtained with

openssl ecparam -list_curves

Profile 3 (Separate Certificate Chains)

To generate a root CA, 2 intermediate CAs (one for server, one for client), client and server key/certificate pairs, run make from the separate_intermediates directory:

# pass a private key password using the PASSWORD variable if needed
make
# results will be under the ./result directory
ls -lha ./result

It is possible to use ECC for intermediate and leaf keys:

make USE_ECC=true ECC_CURVE="prime256v1"
# results will be under the ./result directory
ls -lha ./result

The list of available curves can be obtained with

openssl ecparam -list_curves

Regeneration

To generate a new set of keys and certificates, use

# pass a private key password using the PASSWORD variable if needed
make regen

The regen target accepts the same variables as gen (default target) above.

Verification

You can verify the generated client and server certificates against the generated CA one with

make verify

Overriding CN (Common Name)

By default, certificate's CN (Common Name) is calculated using hostname.

It is possible to override CN with a make variable:

make CN=secure.mydomain.local

Overriding Certificate Validity Period

By default certificates will be valid for 3650 days (about 10 years). The period can be changed by overriding the DAYS_OF_VALIDITY variable

make DAYS_OF_VALIDITY=365

Generating Expired Certificates

It may be necessary to generate an expired certificate, e.g. to test TLS handshake and peer verification failures. To do so, set the certificate validity in days to a negative value:

make DAYS_OF_VALIDITY=-7

Overriding Number of Private Key Bits

It is possible to override the number of private key bits with a make variable:

make NUMBER_OF_PRIVATE_KEY_BITS=4096

Certificate Information

To display information about generated certificates, use

make info

This assumes the certificates were previously generated.

License

Mozilla Public License, see LICENSE.

More Repositories

1

rabbitmq-server

Open source RabbitMQ: core server and tier 1 (built-in) plugins
Starlark
11,952
star
2

rabbitmq-tutorials

Tutorials for using RabbitMQ in various ways
Java
6,393
star
3

rabbitmq-dotnet-client

RabbitMQ .NET client for .NET Standard 2.0+ and .NET 4.6.2+
C#
2,056
star
4

rabbitmq-delayed-message-exchange

Delayed Messaging for RabbitMQ
Erlang
1,992
star
5

internals

High level architecture overview
1,444
star
6

amqp091-go

An AMQP 0-9-1 Go client maintained by the RabbitMQ team. Originally by @streadway: `streadway/amqp`
Go
1,319
star
7

rabbitmq-java-client

RabbitMQ Java client
Java
1,227
star
8

cluster-operator

RabbitMQ Cluster Kubernetes Operator
Go
865
star
9

ra

A Raft implementation for Erlang and Elixir that strives to be efficient and make it easier to use multiple Raft clusters in a single system.
Erlang
800
star
10

rabbitmq-website

RabbitMQ website
JavaScript
769
star
11

erlang-rpm

Latest Erlang/OTP releases packaged as a zero dependency RPM, just enough for running RabbitMQ
Shell
540
star
12

rabbitmq-management

RabbitMQ Management UI and HTTP API
Erlang
369
star
13

rabbitmq-perf-test

A load testing tool
Java
355
star
14

khepri

Khepri is a tree-like replicated on-disk database library for Erlang and Elixir.
Erlang
317
star
15

erlando

Erlando
Erlang
306
star
16

rabbitmq-sharding

Sharded logical queues for RabbitMQ: a queue type which provides improved parallelism and thoughput at the cost of total ordering
Erlang
303
star
17

rabbitmq-peer-discovery-k8s

Kubernetes-based peer discovery mechanism for RabbitMQ
Erlang
296
star
18

rabbitmq-objc-client

RabbitMQ client for Objective-C and Swift
Objective-C
241
star
19

chef-cookbook

Development repository for Chef cookbook RabbitMQ
Ruby
211
star
20

rmq-0mq

ZeroMQ support in RabbitMQ
Erlang
210
star
21

rabbitmq-consistent-hash-exchange

RabbitMQ Consistent Hash Exchange Type
Erlang
209
star
22

rabbitmq-auth-backend-http

HTTP-based authorisation and authentication for RabbitMQ
Makefile
199
star
23

rabbitmq-erlang-client

Erlang client for RabbitMQ
Erlang
185
star
24

rabbitmq-mqtt

RabbitMQ MQTT plugin
Erlang
173
star
25

rabbitmq-stream-go-client

A client library for RabbitMQ streams
Go
167
star
26

rabbitmq-stream-rust-client

A client library for RabbitMQ streams
Rust
148
star
27

rabbitmq-prometheus

A minimalistic Prometheus exporter of core RabbitMQ metrics
Erlang
145
star
28

looking_glass

An Erlang/Elixir/BEAM profiler tool
Erlang
139
star
29

hop

RabbitMQ HTTP API client for Java, Groovy, and other JVM languages
Java
137
star
30

messaging-topology-operator

RabbitMQ messaging topology operator
Go
123
star
31

rabbitmq-cli

Command line tools for RabbitMQ
Elixir
105
star
32

rabbitmq-stream-dotnet-client

RabbitMQ client for the stream protocol
C#
100
star
33

rabbitmq-web-stomp-examples

Makefile
94
star
34

rabbitmq-amqp1.0

AMQP 1.0 support for RabbitMQ
Erlang
93
star
35

rabbitmq-web-stomp

Provides support for STOMP over WebSockets
Erlang
89
star
36

rabbitmq-recent-history-exchange

RabbitMQ Recent History Exchange
Makefile
82
star
37

diy-kubernetes-examples

Examples that demonstrate how deploy a RabbitMQ cluster to Kubernetes, the DIY way
Makefile
82
star
38

rabbitmq-event-exchange

Expose broker events as messages
Erlang
78
star
39

rabbitmq-clusterer

This project is ABANDONWARE. Use https://www.rabbitmq.com/cluster-formation.html instead.
Erlang
72
star
40

rabbitmq-message-timestamp

A RabbitMQ plugin that adds a timestamp to all incoming messages
Makefile
72
star
41

rabbitmq-common

Common library used by rabbitmq-server and rabbitmq-erlang-client
Erlang
66
star
42

rabbitmq-c

The official rabbitmq-c sources have moved to:
C
65
star
43

tgir

Official repository for Thank Goodness It's RabbitMQ (TGIR)!
Makefile
65
star
44

rabbitmq-jms-client

RabbitMQ JMS client
Java
61
star
45

rabbit-socks

Websocket and Socket.IO support for RabbitMQ (deprecated -- see https://github.com/sockjs/sockjs-erlang instead)
Erlang
58
star
46

rabbitmq-web-mqtt

Provides support for MQTT over WebSockets
Erlang
55
star
47

rabbitmq-stream-java-client

RabbitMQ Stream Java Client
Java
55
star
48

rabbitmq-top

Adds top-like information on the Erlang VM to the management plugin.
Makefile
55
star
49

rabbitmq-shovel

RabbitMQ Shovel plugin
Erlang
53
star
50

rabbitmq-auth-mechanism-ssl

RabbitMQ TLS (x509 certificate) authentication mechanism
Makefile
52
star
51

aten

An adaptive accrual node failure detection library for Elixir and Erlang
Erlang
50
star
52

rabbitmq-stomp

RabbitMQ STOMP plugin
Erlang
49
star
53

rabbitmq-tracing

RabbitMQ Tracing
Erlang
48
star
54

mnevis

Raft-based, consensus oriented implementation of Mnesia transactions
Erlang
48
star
55

gen-batch-server

A generic batching server for Erlang and Elixir
Erlang
47
star
56

rabbitmq-priority-queue

Priority Queues
46
star
57

osiris

Log based streaming subsystem for RabbitMQ
Erlang
45
star
58

rabbitmq-management-visualiser

RabbitMQ Topology Visualiser
JavaScript
41
star
59

rabbitmq-oauth2-tutorial

Explore integration of RabbitMQ with Oauth 2.0 auth backend plugin
Shell
41
star
60

rabbitmq-peer-discovery-consul

Consul-based peer discovery backend for RabbitMQ 3.7.0+
Erlang
40
star
61

rabbitmq-federation

RabbitMQ Federation plugin
Erlang
39
star
62

rabbitmq-auth-backend-oauth2

RabbitMQ authorization backend that uses OAuth 2.0 (JWT) tokens
Erlang
38
star
63

rabbitmq-codegen

RabbitMQ protocol code-generation and machine-readable spec
Python
37
star
64

support-tools

A staging area for various support and troubleshooting tools that are not (or not yet) included into RabbitMQ distribution
Shell
36
star
65

ra-kv-store

Raft-based key-value store
Clojure
33
star
66

rabbitmq-perf-html

Web page to view performance results
JavaScript
33
star
67

rabbitmq-web-mqtt-examples

Examples for the Web MQTT plugin
JavaScript
32
star
68

rabbitmq-public-umbrella

Work with ease on multiple RabbitMQ sub-projects, e.g. core broker, plugins and some client libraries
Makefile
32
star
69

rules_erlang

Bazel rules for building Erlang applications and libraries
Starlark
32
star
70

rabbitmq-smtp

RabbitMQ SMTP gateway
Erlang
31
star
71

rabbitmq-metronome

RabbitMQ example plugin
Makefile
27
star
72

rabbitmq-rtopic-exchange

RabbitMQ Reverse Topic Exchange
Erlang
27
star
73

horus

Erlang library to create standalone modules from anonymous functions
Erlang
25
star
74

workloads

Continuous validation of RabbitMQ workloads
JavaScript
24
star
75

rabbitmq-tracer

AMQP 0-9-1 protocol analyzer
Java
24
star
76

rabbitmq-peer-discovery-aws

AWS-based peer discovery backend for RabbitMQ 3.7.0+
Erlang
24
star
77

rabbitmq-shovel-management

RabbitMQ Shovel Management
Makefile
23
star
78

rabbitmq-auth-backend-ldap

RabbitMQ LDAP authentication
Erlang
22
star
79

rabbitmq-management-themes

Makefile
22
star
80

rabbitmq-auth-backend-amqp

Authentication over AMQP RPC
Erlang
20
star
81

rabbitmq-amqp1.0-client

Erlang AMQP 1.0 client
Erlang
20
star
82

erlang-data-structures

Erlang Data Structures
Erlang
20
star
83

chocolatey-package

RabbitMQ chocolatey package
PowerShell
19
star
84

lz4-erlang

LZ4 compression library for Erlang.
C
19
star
85

rabbitmq-service-nodejs-sample

A simple node.js sample app for the RabbitMQ service/add-on
JavaScript
18
star
86

rabbitmq-auth-backend-oauth2-spike

See rabbitmq/rabbitmq-auth-backend-oauth2 instead.
Erlang
17
star
87

rabbitmq-msg-store-index-eleveldb

LevelDB-based message store index for RabbitMQ
Erlang
17
star
88

rabbitmq-management-agent

RabbitMQ Management Agent
Erlang
17
star
89

rabbitmq-auth-backend-cache

Authorisation result caching plugin (backend) for RabbitMQ
Erlang
17
star
90

rabbitmq-jsonrpc-channel

RabbitMQ JSON-RPC Channels
JavaScript
15
star
91

rabbitmq-ha

Highly available queues for RabbitMQ
Erlang
15
star
92

rabbitmq-jsonrpc

RabbitMQ JSON-RPC Integration
Makefile
15
star
93

stdout_formatter

Erlang library to format paragraphs, lists and tables as plain text
Erlang
15
star
94

rabbitmq-peer-discovery-etcd

etcd-based peer discovery backend for RabbitMQ 3.7.0+
Erlang
15
star
95

rabbitmq-federation-management

RabbitMQ Federation Management
Makefile
14
star
96

credentials-obfuscation

Tiny library/OTP app for credential obfuscation
Erlang
14
star
97

rabbitmq-server-release

RabbitMQ packaging and release engineering bits that do not belong to the Concourse pipelines.
Shell
13
star
98

seshat

Erlang
13
star
99

rabbitmq-jms-topic-exchange

Custom exchange that implements JMS topic selection for RabbitMQ
Erlang
13
star
100

rabbitmq-store-exporter

RabbitMQ Store Exporter
Erlang
12
star