[rabbitmq-discuss] facing issues with the SSL implementations with RabbitMQ + Windows + .Net

Tue Aug 9 15:13:26 BST 2011

hello sir,

> [{amqp-0-9://localhost:5671}] = 
> {System.Security.Authentication.AuthenticationException: A call to 
> SSPI failed, see inner exception. ---> 
> System.ComponentModel.Win32Exception: The message received was 
> unexpected or badly formatted

i got this error after changing it to pem sir, and also i created the 
certificates properly as per the rabbitmq ssl steps but i haven't able 
to understand this steps mentioned:
http://www.rabbitmq.com/ssl.html#trust-dotNET,
i have executed them but all they do is opens the certmanager window.

Any suggestions.

Thanks and Regards,
Abhijit

On 8/9/2011 7:36 PM, Alexandru Scvorţov wrote:
> I managed to reproduce your error.
>
> Solution: do not use the .cer file in the broker config; use the .pem
> file.  For some reason, rather than complaining that it can't read the
> CA certificate, Erlang just silently ignores that and throws an "unknown
> CA" error.  Hurray!
>
> So, change
>    {cacertfile,"C:\\testca\\cacert.cer"}
> with
>    {cacertfile,"C:\\testca\\cacert.pem"}
>
> Please let me know if this helps.
>
> Cheers,
> Alex
>
> On Tue, Aug 09, 2011 at 06:22:23PM +0530, Abhijit wrote:
>    
>> ya sir that was set true, i would go back and look at my certification
>> creation steps and find out whether i did everything properly.
>>
>> and would let you know once that i done.
>>
>> Thanks and Regards,
>> Abhijit
>>
>> On 8/9/2011 6:18 PM, Alexandru Scvorţov wrote:
>>      
>>>> Am basically getting this error, i tried debugging and solved most of
>>>> the problems but still getting this:
>>>>
>>>>          
>>> Oh, great. My guess about the really long error was that you needed some
>>> clients to connect without providing certificates, but
>>> fail_if_no_peer_cert was set to true in the config file.  Was that
>>> right?
>>>
>>>
>>>        
>>>>> [{amqp-0-9://localhost:5671}] =
>>>>> {System.Security.Authentication.AuthenticationException: A call to
>>>>> SSPI failed, see inner exception. --->
>>>>> System.ComponentModel.Win32Exception: The certificate chain was issued
>>>>> by an authority that is not trusted
>>>>>
>>>>>            
>>> I haven't seen that before.  Did you follow the steps in our SSL guide
>>> to generate the certificate (in particular, were the client certificates
>>> signed by the CA set in the broker)?
>>>
>>> Alex
>>>
>>> On Tue, Aug 09, 2011 at 06:08:19PM +0530, Abhijit wrote:
>>>
>>>        
>>>> hi sir,
>>>>
>>>> Am basically getting this error, i tried debugging and solved most of
>>>> the problems but still getting this:
>>>>
>>>>
>>>>          
>>>>> [{amqp-0-9://localhost:5671}] =
>>>>> {System.Security.Authentication.AuthenticationException: A call to
>>>>> SSPI failed, see inner exception. --->
>>>>> System.ComponentModel.Win32Exception: The certificate chain was issued
>>>>> by an authority that is not trusted
>>>>>      --- End of inner exception stack trace -...
>>>>>
>>>>>            
>>>> Thanks and Regards,
>>>> Abhijit
>>>>
>>>>
>>>>
>>>>
>>>> On 8/9/2011 5:39 PM, Alexandru Scvorţov wrote:
>>>>
>>>>          
>>>>>> i would go ahead for now, if any queries i would again seek your help.
>>>>>>
>>>>>>
>>>>>>              
>>>>> Excellent.  Don't hesitate to ask us any more questions.
>>>>>
>>>>> Also, in the future, could you please make sure to CC the mailing list
>>>>> when replying?
>>>>>
>>>>> Cheers,
>>>>> Alex
>>>>>
>>>>> On Tue, Aug 09, 2011 at 05:31:22PM +0530, Abhijit wrote:
>>>>>
>>>>>
>>>>>            
>>>>>> hi sir,
>>>>>>
>>>>>> finally got this:
>>>>>>
>>>>>>
>>>>>>              
>>>>>>> =INFO REPORT==== 9-Aug-2011::17:28:33 ===
>>>>>>> started TCP Listener on 0.0.0.0:5672
>>>>>>>
>>>>>>> =INFO REPORT==== 9-Aug-2011::17:28:33 ===
>>>>>>> started SSL Listener on 0.0.0.0:5671
>>>>>>>
>>>>>>>
>>>>>>>                
>>>>>> your this step
>>>>>>
>>>>>> Could you copy the config file to "...\AppData\Roaming\RabbitMQ.config"
>>>>>> and try again
>>>>>>
>>>>>> helped...
>>>>>>
>>>>>> i would go ahead for now, if any queries i would again seek your help.
>>>>>>
>>>>>> Thanks and Regards,
>>>>>> Abhijit
>>>>>>
>>>>>> On 8/9/2011 5:20 PM, Alexandru Scvorţov wrote:
>>>>>>
>>>>>>
>>>>>>              
>>>>>>> That's a bit odd.  I'm not sure how that can happen.  It looks like you
>>>>>>> somehow set the RABBITMQ_CONFIG_FILE variable at some point.
>>>>>>>
>>>>>>> The file is normally in:
>>>>>>> ...\AppData\Roaming\RabbitMQ\rabbitmq.config
>>>>>>> but your system is looking for it in:
>>>>>>> ...\AppData\Roaming\RabbitMQ.config
>>>>>>>
>>>>>>> Could you copy the config file to "...\AppData\Roaming\RabbitMQ.config"
>>>>>>> and try again?  Alternatively, unset the RABBITMQ_CONFIG_FILE variable
>>>>>>> and try again without copying the file.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Alex
>>>>>>>
>>>>>>> On Tue, Aug 09, 2011 at 05:02:04PM +0530, Abhijit wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>                
>>>>>>>> I deleted the dot as you asked to and also wrote the line find which
>>>>>>>> config we are using, and found we are using the same config file and
>>>>>>>> also broker is running successfully without the dot. Am attaching the
>>>>>>>> print-screen for the command line output i received when i tried running
>>>>>>>> rabbit-mq server
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> thanks and regards,
>>>>>>>> Abhijit
>>>>>>>>
>>>>>>>> On 8/9/2011 4:50 PM, Alexandru Scvorţov wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                  
>>>>>>>>> Ok.  Could you delete the dot at the end (or introduce some other
>>>>>>>>> syntactic error) and try again?
>>>>>>>>>
>>>>>>>>> If it still runs, it's using a different configuration file.
>>>>>>>>>
>>>>>>>>> Could you also add the following line to the rabbitmq-server.bat file?
>>>>>>>>>        echo CONFIG_FILE: !RABBITMQ_CONFIG_FILE!.config
>>>>>>>>> It should go in towards the end, right before the "!ERLANG_HOME!\bin\erl.exe"
>>>>>>>>> line.
>>>>>>>>>
>>>>>>>>> That way, when you start the server manually with the .bat, we will know
>>>>>>>>> which config file it's using.
>>>>>>>>>
>>>>>>>>> Alex
>>>>>>>>>
>>>>>>>>> On Tue, Aug 09, 2011 at 04:42:32PM +0530, Abhijit wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>>>> hi sir,
>>>>>>>>>>
>>>>>>>>>> It didn't worked as we wanted...this are the last two phrases in the log
>>>>>>>>>> file of the broker.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                      
>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::16:39:52 ===
>>>>>>>>>>> started TCP Listener on [::]:5692
>>>>>>>>>>>
>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::16:39:53 ===
>>>>>>>>>>> started TCP Listener on 0.0.0.0:5692
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>> i copied the rabbitmq.config which you sent me but didn't worked out.
>>>>>>>>>>
>>>>>>>>>> Thanks and Regards,
>>>>>>>>>> Abhijit
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 8/9/2011 4:19 PM, Alexandru Scvorţov wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                      
>>>>>>>>>>>> Am using the same path, C:\Users\Administrator\AppData\Roaming\RabbitMQ\rabbitmq.config for including ssl in my app.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>> Ok.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>>>> But the file wasn't present earlier i had created that file in order to have SSL in my app at the same location.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>> That's fine.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>>>> i tried running the bat file for the rabbitmq-server that didn't help sir, do you need any part of code for inspection.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>> The code isn't the problem right now.  It's getting rabbit to enable
>>>>>>>>>>> ssl.
>>>>>>>>>>>
>>>>>>>>>>> I'm attaching a rabbitmq.config.  Please try using that one.  Restart
>>>>>>>>>>> the broker and the last lines in the broker log should be:
>>>>>>>>>>>
>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::11:44:37 ===
>>>>>>>>>>> started TCP Listener on [::]:5672
>>>>>>>>>>>
>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::11:44:37 ===
>>>>>>>>>>> started SSL Listener on 0.0.0.0:5671
>>>>>>>>>>>
>>>>>>>>>>> Let me know how it goes, please.
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>> Alex
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Aug 09, 2011 at 04:09:42PM +0530, Abhijit wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>>>> Hi Sir,
>>>>>>>>>>>>
>>>>>>>>>>>> Am using the same path, C:\Users\Administrator\AppData\Roaming\RabbitMQ\rabbitmq.config for including ssl in my app.
>>>>>>>>>>>>
>>>>>>>>>>>> But the file wasn't present earlier i had created that file in order to have SSL in my app at the same location.
>>>>>>>>>>>>
>>>>>>>>>>>> i tried running the bat file for the rabbitmq-server that didn't help sir, do you need any part of code for inspection.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks a lot for your time and replies.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Abhijit
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>
>>>>>>>>>>                      
>>>>>>>>
>>>>>>>>                  
>>>>>>
>>>>>>              
>>>>
>>>>          
>>      