[rabbitmq-discuss] facing issues with the SSL implementations with RabbitMQ + Windows + .Net
Alexandru Scvorţov
alexandru at rabbitmq.com
Tue Aug 9 15:06:58 BST 2011
I managed to reproduce your error.
Solution: do not use the .cer file in the broker config; use the .pem
file. For some reason, rather than complaining that it can't read the
CA certificate, Erlang just silently ignores that and throws an "unknown
CA" error. Hurray!
So, change
{cacertfile,"C:\\testca\\cacert.cer"}
with
{cacertfile,"C:\\testca\\cacert.pem"}
Please let me know if this helps.
Cheers,
Alex
On Tue, Aug 09, 2011 at 06:22:23PM +0530, Abhijit wrote:
> ya sir that was set true, i would go back and look at my certification
> creation steps and find out whether i did everything properly.
>
> and would let you know once that i done.
>
> Thanks and Regards,
> Abhijit
>
> On 8/9/2011 6:18 PM, Alexandru Scvorţov wrote:
> >> Am basically getting this error, i tried debugging and solved most of
> >> the problems but still getting this:
> >>
> > Oh, great. My guess about the really long error was that you needed some
> > clients to connect without providing certificates, but
> > fail_if_no_peer_cert was set to true in the config file. Was that
> > right?
> >
> >
> >>> [{amqp-0-9://localhost:5671}] =
> >>> {System.Security.Authentication.AuthenticationException: A call to
> >>> SSPI failed, see inner exception. --->
> >>> System.ComponentModel.Win32Exception: The certificate chain was issued
> >>> by an authority that is not trusted
> >>>
> > I haven't seen that before. Did you follow the steps in our SSL guide
> > to generate the certificate (in particular, were the client certificates
> > signed by the CA set in the broker)?
> >
> > Alex
> >
> > On Tue, Aug 09, 2011 at 06:08:19PM +0530, Abhijit wrote:
> >
> >> hi sir,
> >>
> >> Am basically getting this error, i tried debugging and solved most of
> >> the problems but still getting this:
> >>
> >>
> >>> [{amqp-0-9://localhost:5671}] =
> >>> {System.Security.Authentication.AuthenticationException: A call to
> >>> SSPI failed, see inner exception. --->
> >>> System.ComponentModel.Win32Exception: The certificate chain was issued
> >>> by an authority that is not trusted
> >>> --- End of inner exception stack trace -...
> >>>
> >> Thanks and Regards,
> >> Abhijit
> >>
> >>
> >>
> >>
> >> On 8/9/2011 5:39 PM, Alexandru Scvorţov wrote:
> >>
> >>>> i would go ahead for now, if any queries i would again seek your help.
> >>>>
> >>>>
> >>> Excellent. Don't hesitate to ask us any more questions.
> >>>
> >>> Also, in the future, could you please make sure to CC the mailing list
> >>> when replying?
> >>>
> >>> Cheers,
> >>> Alex
> >>>
> >>> On Tue, Aug 09, 2011 at 05:31:22PM +0530, Abhijit wrote:
> >>>
> >>>
> >>>> hi sir,
> >>>>
> >>>> finally got this:
> >>>>
> >>>>
> >>>>> =INFO REPORT==== 9-Aug-2011::17:28:33 ===
> >>>>> started TCP Listener on 0.0.0.0:5672
> >>>>>
> >>>>> =INFO REPORT==== 9-Aug-2011::17:28:33 ===
> >>>>> started SSL Listener on 0.0.0.0:5671
> >>>>>
> >>>>>
> >>>> your this step
> >>>>
> >>>> Could you copy the config file to "...\AppData\Roaming\RabbitMQ.config"
> >>>> and try again
> >>>>
> >>>> helped...
> >>>>
> >>>> i would go ahead for now, if any queries i would again seek your help.
> >>>>
> >>>> Thanks and Regards,
> >>>> Abhijit
> >>>>
> >>>> On 8/9/2011 5:20 PM, Alexandru Scvorţov wrote:
> >>>>
> >>>>
> >>>>> That's a bit odd. I'm not sure how that can happen. It looks like you
> >>>>> somehow set the RABBITMQ_CONFIG_FILE variable at some point.
> >>>>>
> >>>>> The file is normally in:
> >>>>> ...\AppData\Roaming\RabbitMQ\rabbitmq.config
> >>>>> but your system is looking for it in:
> >>>>> ...\AppData\Roaming\RabbitMQ.config
> >>>>>
> >>>>> Could you copy the config file to "...\AppData\Roaming\RabbitMQ.config"
> >>>>> and try again? Alternatively, unset the RABBITMQ_CONFIG_FILE variable
> >>>>> and try again without copying the file.
> >>>>>
> >>>>> Cheers,
> >>>>> Alex
> >>>>>
> >>>>> On Tue, Aug 09, 2011 at 05:02:04PM +0530, Abhijit wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>> I deleted the dot as you asked to and also wrote the line find which
> >>>>>> config we are using, and found we are using the same config file and
> >>>>>> also broker is running successfully without the dot. Am attaching the
> >>>>>> print-screen for the command line output i received when i tried running
> >>>>>> rabbit-mq server
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> thanks and regards,
> >>>>>> Abhijit
> >>>>>>
> >>>>>> On 8/9/2011 4:50 PM, Alexandru Scvorţov wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> Ok. Could you delete the dot at the end (or introduce some other
> >>>>>>> syntactic error) and try again?
> >>>>>>>
> >>>>>>> If it still runs, it's using a different configuration file.
> >>>>>>>
> >>>>>>> Could you also add the following line to the rabbitmq-server.bat file?
> >>>>>>> echo CONFIG_FILE: !RABBITMQ_CONFIG_FILE!.config
> >>>>>>> It should go in towards the end, right before the "!ERLANG_HOME!\bin\erl.exe"
> >>>>>>> line.
> >>>>>>>
> >>>>>>> That way, when you start the server manually with the .bat, we will know
> >>>>>>> which config file it's using.
> >>>>>>>
> >>>>>>> Alex
> >>>>>>>
> >>>>>>> On Tue, Aug 09, 2011 at 04:42:32PM +0530, Abhijit wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> hi sir,
> >>>>>>>>
> >>>>>>>> It didn't worked as we wanted...this are the last two phrases in the log
> >>>>>>>> file of the broker.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>> =INFO REPORT==== 9-Aug-2011::16:39:52 ===
> >>>>>>>>> started TCP Listener on [::]:5692
> >>>>>>>>>
> >>>>>>>>> =INFO REPORT==== 9-Aug-2011::16:39:53 ===
> >>>>>>>>> started TCP Listener on 0.0.0.0:5692
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>> i copied the rabbitmq.config which you sent me but didn't worked out.
> >>>>>>>>
> >>>>>>>> Thanks and Regards,
> >>>>>>>> Abhijit
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 8/9/2011 4:19 PM, Alexandru Scvorţov wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>>> Am using the same path, C:\Users\Administrator\AppData\Roaming\RabbitMQ\rabbitmq.config for including ssl in my app.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>> Ok.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>> But the file wasn't present earlier i had created that file in order to have SSL in my app at the same location.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>> That's fine.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>> i tried running the bat file for the rabbitmq-server that didn't help sir, do you need any part of code for inspection.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>> The code isn't the problem right now. It's getting rabbit to enable
> >>>>>>>>> ssl.
> >>>>>>>>>
> >>>>>>>>> I'm attaching a rabbitmq.config. Please try using that one. Restart
> >>>>>>>>> the broker and the last lines in the broker log should be:
> >>>>>>>>>
> >>>>>>>>> =INFO REPORT==== 9-Aug-2011::11:44:37 ===
> >>>>>>>>> started TCP Listener on [::]:5672
> >>>>>>>>>
> >>>>>>>>> =INFO REPORT==== 9-Aug-2011::11:44:37 ===
> >>>>>>>>> started SSL Listener on 0.0.0.0:5671
> >>>>>>>>>
> >>>>>>>>> Let me know how it goes, please.
> >>>>>>>>>
> >>>>>>>>> Cheers,
> >>>>>>>>> Alex
> >>>>>>>>>
> >>>>>>>>> On Tue, Aug 09, 2011 at 04:09:42PM +0530, Abhijit wrote:
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>> Hi Sir,
> >>>>>>>>>>
> >>>>>>>>>> Am using the same path, C:\Users\Administrator\AppData\Roaming\RabbitMQ\rabbitmq.config for including ssl in my app.
> >>>>>>>>>>
> >>>>>>>>>> But the file wasn't present earlier i had created that file in order to have SSL in my app at the same location.
> >>>>>>>>>>
> >>>>>>>>>> i tried running the bat file for the rabbitmq-server that didn't help sir, do you need any part of code for inspection.
> >>>>>>>>>>
> >>>>>>>>>> Thanks a lot for your time and replies.
> >>>>>>>>>>
> >>>>>>>>>> Regards,
> >>>>>>>>>> Abhijit
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>>
> >>>>
> >>>>
> >>
>
More information about the rabbitmq-discuss
mailing list