Does CloudAMQP support TLS/SSL + certificate?

We do support TLS (SSL). In most clients it is easy to use TLS, just replace amqp:// with amqps:// in the URL.

We normally recommend using TLS with a server-side cert for encryption and then username/password authentication. It is possible to use client certificates, but it's not that easy to maintain a CA in terms of proper certificate generation e.t.c. We normally advise against it as the security benefits are questionable.

More details are found here: http://www.rabbitmq.com/ssl.html

All servers are configured with server certificates signed by a CA found in your default trust store.

If you want to use client certificates we can help you install the public part of the CA on the server and enable peer verification, but you have to manage the certificate generation yourself.

Note: TLS will only secure messages during the transport. What we recommend for highly sensitive information (HIPAA, PCI etc) is that you encrypt your message bodies on your side and that you have a shared key between your publishers and your consumers.