
I am trying to connect to RabbitMQ using Pika. We are using certificates (ssl) to do this. Here is their (Pika's) example:

import ssl

import pika

# Trust only the given CA file when verifying the broker's certificate.
context = ssl.create_default_context(
    cafile="PIKA_DIR/testdata/certs/ca_certificate.pem")
# Client certificate and private key, both read from file paths.
context.load_cert_chain("PIKA_DIR/testdata/certs/client_certificate.pem",
                        "PIKA_DIR/testdata/certs/client_key.pem")
ssl_options = pika.SSLOptions(context, "localhost")
conn_params = pika.ConnectionParameters(port=5671, ssl_options=ssl_options)

This would be great if our cert files had a file path, but we are on Windows and they are stored in the Windows store. So I don't believe load_cert_chain() as provided above will work.

I am able to access (or see) the specific cert like this:

context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_default_certs()
certs = context.get_ca_certs()

But this gets a list of certs. I don't see any obvious way to search through and grab the cert I need. And even if I could, I am not sure how to make the code connection to "pika.SSLOptions(context,...)".

So there are two questions here, but the more important one is this:

  1. How can I pull out a specific certificate from the Windows store (since I don't have a file path)?

(The other question is how to connect this to Pika, but I may be able to figure that out if the above question is answered.)

Note: Pika is just a third-party library that interfaces with RabbitMQ.

Note 2: Using Python 3.5.

TheLettuceMaster

1 Answer

It looks like, after reading some hits from this search, that most Python libraries that deal with the Windows cert store do so to fetch CA certs and CRL lists and not individual certs so much.

The wincertstore library might be what you're looking for.


NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.

Luke Bakken
  • Thanks, I did look at that, but looking at it again, it may be worth a shot. Taking a step back, I am wondering if what I am being tasked to do is even possible. I am being told we can NOT keep the .pem files in a Windows folder, but must retrieve them from the CA/ROOT certs store. Looking at the actual RabbitMQ documentation, I only see it saying the cacertfile, keyfile and cafile are actual paths, e.g., "/path/to/*.pem". So either Pika is able to convert these cert files from the store to an actual path, or I am being tasked with an impossible mission. – TheLettuceMaster Mar 16 '19 at 20:57
  • Quick update: Playing around with wincertstore, it has a method, get_pem(), which returns the actual certificate file contents. Passing this to pika may ultimately be what I need. Once I figure out how to pass in the keyfile, cafile and certfile all this way, I think this will work! – TheLettuceMaster Mar 16 '19 at 21:56
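
An added example, not code from the question, the answer, Pika or wincertstore: one way to search the list of decoded certificates that `context.get_ca_certs()` returns, matching on the subject common name, skipping entries outside their validity window and refusing an ambiguous match. The function names and the sample entries are constructed for illustration. `get_ca_certs()` returns only the CA certificates loaded for verification, so this covers the `cafile` side, not the client certificate and key that `load_cert_chain()` expects.

```python
import ssl
import time


def subject_field(cert, field):
    """Values of one subject field, e.g. 'commonName', in a decoded cert."""
    # 'subject' is a tuple of RDNs; each RDN is a tuple of (name, value).
    return [value for rdn in cert.get("subject", ())
            for name, value in rdn if name == field]


def is_current(cert, now=None):
    """True if 'now' lies inside the notBefore/notAfter window."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            <= ssl.cert_time_to_seconds(cert["notAfter"]))


def find_ca_cert(certs, common_name, now=None):
    """Return the single currently valid cert whose subject CN matches."""
    matches = [c for c in certs
               if common_name in subject_field(c, "commonName")
               and is_current(c, now)]
    if len(matches) != 1:
        # A CN is not unique; fail instead of trusting the wrong anchor.
        raise LookupError("%d valid certs match CN %r"
                          % (len(matches), common_name))
    return matches[0]


# Constructed entries in the shape context.get_ca_certs() returns.
_ORG = (("organizationName", "Example Corp"),)
_CN = (("commonName", "Example Internal CA"),)
SAMPLE_CERTS = [
    {"subject": (_ORG, _CN), "serialNumber": "0A1B",   # expired predecessor
     "notBefore": "Jan  1 00:00:00 2015 GMT",
     "notAfter": "Jan  1 00:00:00 2018 GMT"},
    {"subject": (_ORG, _CN), "serialNumber": "0C2D",
     "notBefore": "Jan  1 00:00:00 2018 GMT",
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
]

if __name__ == "__main__":
    context = ssl.create_default_context()  # loads the default trust store
    certs = context.get_ca_certs()
    print(len(certs), "CA certs loaded from the default store")
    print(find_ca_cert(SAMPLE_CERTS, "Example Internal CA")["serialNumber"])
```

On a real store, also comparing `serialNumber` narrows the match further when a CA has been reissued under the same name.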