[rabbitmq-discuss] facing issues with the SSL implementations with RabbitMQ + Windows + .Net

Abhijit abhijit.sinha at kiprosh.com
Wed Aug 10 11:46:18 BST 2011


Ok sir thanks,

this is the post for the former command s_client:
> C:\>openssl s_client -connect localhost:5671 -CAfile testca/cacert.pem -cert client/cert.pem -key client/key.pem -showcerts
> Loading 'screen' into random state - done
> CONNECTED(00000160)
> depth=1 CN = Kiprosh7
> verify return:1
> depth=0 CN = Kiprosh7, O = server
> verify return:1
> ---
> Certificate chain
>  0 s:/CN=Kiprosh7/O=server
>    i:/CN=Kiprosh7
>  1 s:/CN=Kiprosh7
>    i:/CN=Kiprosh7
> ---
> Server certificate
> subject=/CN=Kiprosh7/O=server
> issuer=/CN=Kiprosh7
> ---
> Acceptable client certificate CA names
> /CN=Kiprosh7
> ---
> SSL handshake has read 1663 bytes and written 2276 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : AES256-SHA
>     Session-ID: 8703D018C270CC932648333F61FE3C986CB336B7C8074ACF3560E415934E26F2
>     Session-ID-ctx:
>     Master-Key: F5B8C5666355EE6C78910EBB649A65740104537ACEBB28E4A23DF51EA5DE9E6AFE3AC2C95B1929985DAFC09CDC6BDEAE
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     Start Time: 1312972974
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)
> ---

Thanks and Regards,
Abhijit


On 8/10/2011 4:10 PM, Alexandru Scvorţov wrote:
>>> AMQP server protocol negotiation failure: server version
>>> unknown-unknown, client version 0-9
>>>        
> That means the client connected successfully but closed the connection
> later because it wasn't talking to an AMQP server.
>
> That means that the client and certificates are fine, so the problem is
> configuring the server.
>
> When you try the other command (the openssl s_client) on the server,
> what output do you get?  Could you please post it?
>
> Alex
>
> On Wed, Aug 10, 2011 at 04:00:26PM +0530, Abhijit wrote:
>    
>> yes sir
>> no problem, I thought so after looking at client cmd lines. I did put
>> slash instead of dot, and now am getting these errors:
>>
>>      
>>> AMQP server protocol negotiation failure: server version
>>> unknown-unknown, client version 0-9
>>>        
>> Can you tell me what are next steps?
>>
>> Thanks and Regards,
>> Abhijit
>>
>>
>> On 8/10/2011 3:57 PM, Alexandru Scvorţov wrote:
>>      
>>>> Am still getting the same error am using the same config file.
>>>>
>>>>          
>>> Ok, but are you sure it's actually the file used by the server? (we had
>>> some problems earlier about which file the server was using when started
>>> from the command prompt or as a service)
>>>
>>>
>>>        
>>>>> openssl s_server -accept 5671 -CAfile testca/cacert.pem -cert
>>>>> server/cert.pem -key server.key.pem -state
>>>>>
>>>>>            
>>> My mistake.  That should be:
>>>     openssl s_server -accept 5671 -CAfile testca/cacert.pem -cert
>>>     server/cert.pem -key server/key.pem -state
>>>
>>> (dot instead of slash in server.key.pem)
>>>
>>> BTW, if they're disposable, could you send the certificates and keys?
>>> We've had problems before with the certificates generated by OpenSSL,
>>> which were usually solved by using a different version.  Maybe this is
>>> happening here.
>>>
>>> Cheers,
>>> Alex
>>>
>>> On Wed, Aug 10, 2011 at 03:46:39PM +0530, Abhijit wrote:
>>>
>>>        
>>>> hi sir,
>>>>
>>>> Am still getting the same error am using the same config file.
>>>>
>>>> But I was not able to run this command you sent me:
>>>>
>>>>
>>>>          
>>>>> openssl s_server -accept 5671 -CAfile testca/cacert.pem -cert
>>>>> server/cert.pem -key server.key.pem -state
>>>>>
>>>>>            
>>>> was getting an error: unable to load server certificate private key file.
>>>>
>>>> Thanks and Regards,
>>>> Abhijit
>>>>
>>>>
>>>>
>>>>          
>>      
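
Added example, not part of the original thread or of the RabbitMQ client: a Python probe for the distinction Alex draws above, where the TLS handshake verifies but the client still reports "server version unknown-unknown" because the peer (for instance an `openssl s_server` stand-in) is not an AMQP broker. The function names and sample bytes are constructed for illustration; the file paths in the commented call are the ones used in the thread.

```python
import socket
import ssl
import struct

AMQP_HEADER = b"AMQP\x00\x00\x09\x01"  # AMQP 0-9-1 protocol header
FRAME_METHOD = 1
CONNECTION_START = (10, 10)            # class-id, method-id

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a peer returns after the protocol header."""
    if not data:
        return "no-reply: peer closed or stayed silent"
    if data[:4] == b"AMQP":
        return "amqp: header rejected, peer sent its own protocol header"
    if len(data) >= 13 and data[0] == FRAME_METHOD:
        channel, _size = struct.unpack(">HI", data[1:7])
        cls, method, major, minor = struct.unpack(">HHBB", data[7:13])
        if channel == 0 and (cls, method) == CONNECTION_START:
            return "amqp: Connection.Start, server version %d-%d" % (major, minor)
    return "not-amqp: TLS is up but the peer is not speaking AMQP"

def probe(host, port, cafile, certfile, keyfile, timeout=5.0):
    """Verified TLS handshake with a client certificate, then the AMQP header."""
    # Hostname checking stays on: the server certificate must name `host`.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.load_cert_chain(certfile, keyfile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(AMQP_HEADER)
            try:
                data = tls.recv(4096)
            except socket.timeout:
                data = b""
            return classify_reply(data)

# Constructed sample replies (not captured from the thread's machines).
_payload = struct.pack(">HHBB", 10, 10, 0, 9) + b"\x00" * 4
SAMPLE_BROKER = b"\x01" + struct.pack(">HI", 0, len(_payload)) + _payload + b"\xce"
SAMPLE_STANDIN = b"ACCEPT\n"

if __name__ == "__main__":
    print(classify_reply(SAMPLE_BROKER))
    print(classify_reply(SAMPLE_STANDIN))
    # Live check, paths as used in the thread:
    # print(probe("localhost", 5671, "testca/cacert.pem",
    #             "client/cert.pem", "client/key.pem"))
```

A "not-amqp" or "no-reply" result after a clean handshake points at the listener configuration on port 5671 rather than at the certificates.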


