[rabbitmq-discuss] facing issues with the SSL implementations with RabbitMQ + Windows + .Net

Abhijit abhijit.sinha at kiprosh.com
Tue Aug 9 15:40:37 BST 2011


Hi sir,

I have added all those certificates as trusted, but I am still getting this:

> base {System.Runtime.InteropServices.ExternalException} = {"The 
> certificate chain was issued by an authority that is not trusted"}

Thanks a lot for the replies. Let me know if you have any suggestions.

Thanks and Regards,
Abhijit


On 8/9/2011 7:58 PM, Alexandru Scvorţov wrote:
>> http://www.rabbitmq.com/ssl.html#trust-dotNET,
>> I have executed them, but all they do is open the certmanager window.
>>      
> There are two versions of the certmgr program.  One of them is shipped
> with Windows and is the graphical version you use.  The other is shipped
> with the Windows SDK and is a command line version.
>
> You can use the graphical version: start it up, click Import, select
> testca/cacert.cer, click Next, *IMPORTANT* select the Trusted Root
> Certification Authorities store, click Next... until it's imported.
>
>    
>>> [{amqp-0-9://localhost:5671}] =
>>> {System.Security.Authentication.AuthenticationException: A call to
>>> SSPI failed, see inner exception. --->
>>> System.ComponentModel.Win32Exception: The message received was
>>> unexpected or badly formatted
>>>        
> The error you're getting doesn't sound like it's because of this, but
> you'll need to import the certificate anyway.  Maybe it will help.
>
> Cheers,
> Alex
>
> On Tue, Aug 09, 2011 at 07:43:26PM +0530, Abhijit wrote:
>    
>> hello sir,
>>
>>      
>>> [{amqp-0-9://localhost:5671}] =
>>> {System.Security.Authentication.AuthenticationException: A call to
>>> SSPI failed, see inner exception. --->
>>> System.ComponentModel.Win32Exception: The message received was
>>> unexpected or badly formatted
>>>        
>> I got this error after changing it to pem, sir, and I also created the
>> certificates properly as per the rabbitmq ssl steps, but I haven't been able
>> to understand the steps mentioned:
>> http://www.rabbitmq.com/ssl.html#trust-dotNET,
>> I have executed them, but all they do is open the certmanager window.
>>
>> Any suggestions?
>>
>> Thanks and Regards,
>> Abhijit
>>
>>
>> On 8/9/2011 7:36 PM, Alexandru Scvorţov wrote:
>>      
>>> I managed to reproduce your error.
>>>
>>> Solution: do not use the .cer file in the broker config; use the .pem
>>> file.  For some reason, rather than complaining that it can't read the
>>> CA certificate, Erlang just silently ignores that and throws an "unknown
>>> CA" error.  Hurray!
>>>
>>> So, change
>>>     {cacertfile,"C:\\testca\\cacert.cer"}
>>> with
>>>     {cacertfile,"C:\\testca\\cacert.pem"}
>>>
>>> Please let me know if this helps.
>>>
>>> Cheers,
>>> Alex
>>>
>>> On Tue, Aug 09, 2011 at 06:22:23PM +0530, Abhijit wrote:
>>>
>>>        
>>>> Yes sir, that was set to true. I will go back and look at my certification
>>>> creation steps and find out whether I did everything properly.
>>>>
>>>> I will let you know once that is done.
>>>>
>>>> Thanks and Regards,
>>>> Abhijit
>>>>
>>>> On 8/9/2011 6:18 PM, Alexandru Scvorţov wrote:
>>>>
>>>>          
>>>>>> I am basically getting this error. I tried debugging and solved most of
>>>>>> the problems, but I am still getting this:
>>>>>>
>>>>>>
>>>>>>              
>>>>> Oh, great. My guess about the really long error was that you needed some
>>>>> clients to connect without providing certificates, but
>>>>> fail_if_no_peer_cert was set to true in the config file.  Was that
>>>>> right?
>>>>>
>>>>>
>>>>>
>>>>>            
>>>>>>> [{amqp-0-9://localhost:5671}] =
>>>>>>> {System.Security.Authentication.AuthenticationException: A call to
>>>>>>> SSPI failed, see inner exception. --->
>>>>>>> System.ComponentModel.Win32Exception: The certificate chain was issued
>>>>>>> by an authority that is not trusted
>>>>>>>
>>>>>>>
>>>>>>>                
>>>>> I haven't seen that before.  Did you follow the steps in our SSL guide
>>>>> to generate the certificate (in particular, were the client certificates
>>>>> signed by the CA set in the broker)?
>>>>>
>>>>> Alex
>>>>>
>>>>> On Tue, Aug 09, 2011 at 06:08:19PM +0530, Abhijit wrote:
>>>>>
>>>>>
>>>>>            
>>>>>> hi sir,
>>>>>>
>>>>>> I am basically getting this error. I tried debugging and solved most of
>>>>>> the problems, but I am still getting this:
>>>>>>
>>>>>>
>>>>>>
>>>>>>              
>>>>>>> [{amqp-0-9://localhost:5671}] =
>>>>>>> {System.Security.Authentication.AuthenticationException: A call to
>>>>>>> SSPI failed, see inner exception. --->
>>>>>>> System.ComponentModel.Win32Exception: The certificate chain was issued
>>>>>>> by an authority that is not trusted
>>>>>>>       --- End of inner exception stack trace -...
>>>>>>>
>>>>>>>
>>>>>>>                
>>>>>> Thanks and Regards,
>>>>>> Abhijit
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 8/9/2011 5:39 PM, Alexandru Scvorţov wrote:
>>>>>>
>>>>>>
>>>>>>              
>>>>>>>> I will go ahead for now; if I have any queries I will seek your help again.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                  
>>>>>>> Excellent.  Don't hesitate to ask us any more questions.
>>>>>>>
>>>>>>> Also, in the future, could you please make sure to CC the mailing list
>>>>>>> when replying?
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Alex
>>>>>>>
>>>>>>> On Tue, Aug 09, 2011 at 05:31:22PM +0530, Abhijit wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>                
>>>>>>>> hi sir,
>>>>>>>>
>>>>>>>> finally got this:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                  
>>>>>>>>> =INFO REPORT==== 9-Aug-2011::17:28:33 ===
>>>>>>>>> started TCP Listener on 0.0.0.0:5672
>>>>>>>>>
>>>>>>>>> =INFO REPORT==== 9-Aug-2011::17:28:33 ===
>>>>>>>>> started SSL Listener on 0.0.0.0:5671
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>> This step of yours:
>>>>>>>>
>>>>>>>> Could you copy the config file to "...\AppData\Roaming\RabbitMQ.config"
>>>>>>>> and try again
>>>>>>>>
>>>>>>>> helped...
>>>>>>>>
>>>>>>>> I will go ahead for now; if I have any queries I will seek your help again.
>>>>>>>>
>>>>>>>> Thanks and Regards,
>>>>>>>> Abhijit
>>>>>>>>
>>>>>>>> On 8/9/2011 5:20 PM, Alexandru Scvorţov wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                  
>>>>>>>>> That's a bit odd.  I'm not sure how that can happen.  It looks like you
>>>>>>>>> somehow set the RABBITMQ_CONFIG_FILE variable at some point.
>>>>>>>>>
>>>>>>>>> The file is normally in:
>>>>>>>>> ...\AppData\Roaming\RabbitMQ\rabbitmq.config
>>>>>>>>> but your system is looking for it in:
>>>>>>>>> ...\AppData\Roaming\RabbitMQ.config
>>>>>>>>>
>>>>>>>>> Could you copy the config file to "...\AppData\Roaming\RabbitMQ.config"
>>>>>>>>> and try again?  Alternatively, unset the RABBITMQ_CONFIG_FILE variable
>>>>>>>>> and try again without copying the file.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Alex
>>>>>>>>>
>>>>>>>>> On Tue, Aug 09, 2011 at 05:02:04PM +0530, Abhijit wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>>>> I deleted the dot as you asked and also wrote the line to find which
>>>>>>>>>> config we are using, and found we are using the same config file, and
>>>>>>>>>> the broker is also running successfully without the dot. I am attaching the
>>>>>>>>>> print-screen of the command line output I received when I tried running
>>>>>>>>>> rabbit-mq server.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> thanks and regards,
>>>>>>>>>> Abhijit
>>>>>>>>>>
>>>>>>>>>> On 8/9/2011 4:50 PM, Alexandru Scvorţov wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                      
>>>>>>>>>>> Ok.  Could you delete the dot at the end (or introduce some other
>>>>>>>>>>> syntactic error) and try again?
>>>>>>>>>>>
>>>>>>>>>>> If it still runs, it's using a different configuration file.
>>>>>>>>>>>
>>>>>>>>>>> Could you also add the following line to the rabbitmq-server.bat file?
>>>>>>>>>>>         echo CONFIG_FILE: !RABBITMQ_CONFIG_FILE!.config
>>>>>>>>>>> It should go in towards the end, right before the "!ERLANG_HOME!\bin\erl.exe"
>>>>>>>>>>> line.
>>>>>>>>>>>
>>>>>>>>>>> That way, when you start the server manually with the .bat, we will know
>>>>>>>>>>> which config file it's using.
>>>>>>>>>>>
>>>>>>>>>>> Alex
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Aug 09, 2011 at 04:42:32PM +0530, Abhijit wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>>>> hi sir,
>>>>>>>>>>>>
>>>>>>>>>>>> It didn't work as we wanted... these are the last two phrases in the log
>>>>>>>>>>>> file of the broker.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::16:39:52 ===
>>>>>>>>>>>>> started TCP Listener on [::]:5692
>>>>>>>>>>>>>
>>>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::16:39:53 ===
>>>>>>>>>>>>> started TCP Listener on 0.0.0.0:5692
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                            
>>>>>>>>>>>> I copied the rabbitmq.config which you sent me, but it didn't work out.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks and Regards,
>>>>>>>>>>>> Abhijit
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 8/9/2011 4:19 PM, Alexandru Scvorţov wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>>>>> I am using the same path, C:\Users\Administrator\AppData\Roaming\RabbitMQ\rabbitmq.config, for including SSL in my app.
>>>>>>>>>>>>>>
>>>>>>>>>>>>> Ok.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> But the file wasn't present earlier; I had created that file at the same location in order to have SSL in my app.
>>>>>>>>>>>>>>
>>>>>>>>>>>>> That's fine.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I tried running the bat file for the rabbitmq-server, but that didn't help, sir. Do you need any part of the code for inspection?
>>>>>>>>>>>>>>
>>>>>>>>>>>>> The code isn't the problem right now.  It's getting rabbit to enable
>>>>>>>>>>>>> ssl.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm attaching a rabbitmq.config.  Please try using that one.  Restart
>>>>>>>>>>>>> the broker and the last lines in the broker log should be:
>>>>>>>>>>>>>
>>>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::11:44:37 ===
>>>>>>>>>>>>> started TCP Listener on [::]:5672
>>>>>>>>>>>>>
>>>>>>>>>>>>> =INFO REPORT==== 9-Aug-2011::11:44:37 ===
>>>>>>>>>>>>> started SSL Listener on 0.0.0.0:5671
>>>>>>>>>>>>>
>>>>>>>>>>>>> Let me know how it goes, please.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>> Alex
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Aug 09, 2011 at 04:09:42PM +0530, Abhijit wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>                            
>>>>>>>>>>>>>> Hi Sir,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am using the same path, C:\Users\Administrator\AppData\Roaming\RabbitMQ\rabbitmq.config, for including SSL in my app.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> But the file wasn't present earlier; I had created that file at the same location in order to have SSL in my app.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I tried running the bat file for the rabbitmq-server, but that didn't help, sir. Do you need any part of the code for inspection?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks a lot for your time and replies.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>> Abhijit
>>      
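
A preflight check for the failure discussed in this thread, where the broker's `cacertfile` pointed at the `.cer` file and Erlang reported "unknown CA" instead of a read error. This is an added example, not code from the thread or from RabbitMQ; it assumes the `.cer` file is binary DER, and the function names, the sample bytes and the `ssl_options` wrapper around the thread's `cacertfile` line are constructed for illustration.

```python
import base64
import re

# Matches Erlang config tuples such as {cacertfile,"C:\\testca\\cacert.cer"}.
ENTRY = re.compile(r'\{\s*(cacertfile|certfile|keyfile)\s*,\s*"((?:[^"\\]|\\.)*)"\s*\}')
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'unknown' for the raw bytes of a cert/key file."""
    match = PEM_BLOCK.search(data)
    if match:
        try:
            body = base64.b64decode(b"".join(match.group(2).split()), validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            return "unknown"
        return "pem" if body[:1] == b"\x30" else "unknown"
    # Binary DER starts with an ASN.1 SEQUENCE tag (0x30).
    return "der" if data[:1] == b"\x30" else "unknown"

def audit(config_text, read):
    """Return (option, path, kind) for every file option in the config text."""
    findings = []
    for key, raw in ENTRY.findall(config_text):
        path = raw.replace("\\\\", "\\")     # undo Erlang backslash escaping
        try:
            kind = classify(read(path))
        except OSError:
            kind = "missing"
        findings.append((key, path, kind))
    return findings

def not_pem(findings):
    """Options to fix before starting the broker: anything that is not PEM."""
    return [f for f in findings if f[2] != "pem"]

# Constructed sample data (not real certificates): a DER-style blob and its PEM wrapping.
SAMPLE_DER = b"\x30\x82\x00\x04" + b"\x02\x01\x01\x00"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_FILES = {r"C:\testca\cacert.cer": SAMPLE_DER, r"C:\testca\cacert.pem": SAMPLE_PEM}
SAMPLE_CONFIG = r'[{rabbit,[{ssl_options,[{cacertfile,"C:\\testca\\cacert.cer"}]}]}].'

def sample_read(path):
    """Stand-in for reading from disk, backed by the constructed samples."""
    if path not in SAMPLE_FILES:
        raise FileNotFoundError(path)
    return SAMPLE_FILES[path]

if __name__ == "__main__":
    for key, path, kind in audit(SAMPLE_CONFIG, sample_read):
        print(f"{key}: {path} -> {kind}")
```

To check real files, pass `lambda p: open(p, "rb").read()` as `read` along with the contents of the config file the broker actually loads.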


