[rabbitmq-discuss] facing issues with the SSL implementations with RabbitMQ + Windows + .Net

Alexandru Scvorţov alexandru at rabbitmq.com
Thu Aug 11 13:06:44 BST 2011


Hello,

I don't see anything wrong with how you're generating certificate, but I
do see a problem with your certificates:
  the keycert.p12 contains the SERVER certificates, rather than the
  client certificates.

Using your certificates, I get "The message received was unexpected or
badly formatted" on the .NET side and {ssl_upgrade_error,esslaccept} on
the server side.  This is what's expected when you use the server
certificates for the client.  Is that also what you get?

If so, could you please make sure, when generating CLIENT, certificates,
you do

# cd ../client
# openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem
# passout pass:password

and not

# cd ../server
# openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem
# passout pass:password

or something similar.

Cheers,
Alex


On Thu, Aug 11, 2011 at 12:54:00PM +0530, Abhijit wrote:
> Hi Sir,
> 
> Am sending you the new set of certificates i made today morning which 
> were still giving same errors. Can you please inspect them and let me 
> know what are the errors.
> 
> Thanks and Regards,
> Abhijit
> 
> On 8/10/2011 8:15 PM, Alexandru Scvorţov wrote:
> >> can you tell me did you create your certificates on windows?
> >> or on linux machine?
> >>      
> > I generated the certificates on Windows Server 2008.
> >
> >    
> >> openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 \
> >>       -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
> >>
> >> i executed above as
> >> openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
> >>      
> > I did the same thing.
> >
> > Could you send the certificates you're using? (same files I sent
> > earlier)  I'll see if I can find anything wrong with them.
> >
> > Alex
> >
> > On Wed, Aug 10, 2011 at 07:56:51PM +0530, Abhijit wrote:
> >    
> >> OK Sir
> >>
> >> can you tell me did you create your certificates on windows?
> >> or on linux machine?
> >>
> >> openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 \
> >>       -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
> >>
> >> i executed above as
> >> openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes
> >>
> >> because as you told me that i need to do it similarly as in the website i skipped the '\' since it wasn't a valid element in openssl.
> >>
> >> does that caused the error?
> >>
> >> Thanks and Regards,
> >> Abhijit
> >>
> >>
> >>
> >> On 8/10/2011 7:38 PM, Alexandru Scvorţov wrote:
> >>      
> >>>> but with no luck, do i need something more.
> >>>>
> >>>>          
> >>> Not that I can think of, no.
> >>>
> >>> If you're using OpenSSL 1.0.0, could you try with OpenSSL 0.9.8?
> >>>
> >>> Cheers,
> >>> Alex
> >>>
> >>> On Wed, Aug 10, 2011 at 07:24:54PM +0530, Abhijit wrote:
> >>>
> >>>        
> >>>> Hi sir,
> >>>>
> >>>> i went through all the steps again to make certificates in this link:
> >>>>
> >>>>          
> >>>>> http://www.rabbitmq.com/ssl.html#keys-and-certs
> >>>>>
> >>>>>            
> >>>> but with no luck, do i need something more.
> >>>>
> >>>> Thanking you,
> >>>>
> >>>> Regards,
> >>>> Abhijit
> >>>>
> >>>>
> >>>> On 8/10/2011 5:48 PM, Alexandru Scvorţov wrote:
> >>>>
> >>>>          
> >>>>>> The code worked now. the certificate you provided did work
> >>>>>>
> >>>>>>
> >>>>>>              
> >>>>> Great to hear that.
> >>>>>
> >>>>>
> >>>>>
> >>>>>            
> >>>>>>     wondering why
> >>>>>> my certificates are not working??
> >>>>>>
> >>>>>>
> >>>>>>              
> >>>>> I suspect you got some step in the certificate generation wrong (I
> >>>>> generated the certificates following the instructions on the website).
> >>>>> It's ridiculously easy to get something wrong.
> >>>>>
> >>>>> I'd delete all the certificates, and CA you generated and try again.
> >>>>> The website instructions are right.  You might want to try without
> >>>>> changing anything (the CA's name, for instance) just to see that it
> >>>>> works.
> >>>>>
> >>>>> You could also try a different version of OpenSSL, but I'd be quite
> >>>>> surprised if that were the problem.
> >>>>>
> >>>>> Let us how it goes.
> >>>>>
> >>>>> Cheers,
> >>>>> Alex
> >>>>>
> >>>>>
> >>>>> On Wed, Aug 10, 2011 at 05:30:42PM +0530, Abhijit wrote:
> >>>>>
> >>>>>
> >>>>>            
> >>>>>> Hi sir,
> >>>>>>
> >>>>>> The code worked now. the certificate you provided did work wondering why
> >>>>>> my certificates are not working??
> >>>>>>
> >>>>>> Thanks and Regards,
> >>>>>> Abhijit
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 8/10/2011 5:20 PM, Alexandru Scvorţov wrote:
> >>>>>>
> >>>>>>
> >>>>>>              
> >>>>>>> :(  That seems perfectly fine.
> >>>>>>>
> >>>>>>> Other ways to get an "unknown ca" error:
> >>>>>>>       - forget to add the CA certificate to the Trust store;
> >>>>>>>       - have the client use a certificate signed by a different authority
> >>>>>>>         than the one given to the server.
> >>>>>>>
> >>>>>>> I'm out of ideas.  I'm attaching:
> >>>>>>>       - cacert.pem and cacert.cer;
> >>>>>>>       - keycert.p12 (password is "test");
> >>>>>>>       - server's cert.pem, key.pem.
> >>>>>>>
> >>>>>>> You'll also need to set RemoteCertificateNameMismatch before starting the connection:
> >>>>>>>       cf.Ssl.AcceptablePolicyErrors =
> >>>>>>>         SslPolicyErrors.RemoteCertificateNameMismatch;
> >>>>>>>
> >>>>>>> Could you please try with these and see if it works (or if you get a
> >>>>>>> different error)?
> >>>>>>>
> >>>>>>> Cheers,
> >>>>>>> Alex
> >>>>>>>
> >>>>>>> On Wed, Aug 10, 2011 at 04:16:18PM +0530, Abhijit wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>                
> >>>>>>>> Ok sir thanks,
> >>>>>>>>
> >>>>>>>> this is the post for the former command s_client:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>                  
> >>>>>>>>> C:\>openssl s_client -connect localhost:5671 -CAfile testca/cacert.pem
> >>>>>>>>> -cert cli
> >>>>>>>>> ent/cert.pem -key client/key.pem -showcerts
> >>>>>>>>> Loading 'screen' into random state - done
> >>>>>>>>> CONNECTED(00000160)
> >>>>>>>>> depth=1 CN = Kiprosh7
> >>>>>>>>> verify return:1
> >>>>>>>>> depth=0 CN = Kiprosh7, O = server
> >>>>>>>>> verify return:1
> >>>>>>>>> ---
> >>>>>>>>> Certificate chain
> >>>>>>>>>      0 s:/CN=Kiprosh7/O=server
> >>>>>>>>>        i:/CN=Kiprosh7
> >>>>>>>>> -----BEGIN CERTIFICATE-----
> >>>>>>>>> MIIC4TCCAcmgAwIBAgIBATANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhLaXBy
> >>>>>>>>> b3NoNzAeFw0xMTA4MTAwODA1NTBaFw0xMjA4MDkwODA1NTBaMCQxETAPBgNVBAMM
> >>>>>>>>> CEtpcHJvc2g3MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
> >>>>>>>>> DwAwggEKAoIBAQDTDgQ3/vSBPvy0PAZYwk4H2qlFckaA75YfCYZ+HhIb+JUSrZ4r
> >>>>>>>>> NcBEhvrH+7p1yft9IC4pgrgEbjmfQVTi8LGwtMRZmwpbmjqEfOALpra5x7Plb+7y
> >>>>>>>>> CTT/iDc8uUwHLn2brXxNRn58IrEeD1X+rBxLNyek0pQu/hH31+REI5Sn1JZfi7gc
> >>>>>>>>> 3PJEuaRzVJY4sE0neNWT+K+aD0n382qnziLEGOusXWNpggpoHVFKZR3Yojxj6Bfk
> >>>>>>>>> 9lUvfUtIqz2zQ2dF0q6A0QVVlIenKzUK+rjHxQAUSb8P9CmCuRXUih3f61ahquQP
> >>>>>>>>> CgSrkNnUV44D/wHfnxNm9QjxlQEGyr0DsTcFAgMBAAGjLzAtMAkGA1UdEwQCMAAw
> >>>>>>>>> CwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUA
> >>>>>>>>> A4IBAQDE+cXjx6uNL/Kf/HmE7FeQ238iN7Gfb+I1QHmbRaR0qbTqcFzp7NCJ62uq
> >>>>>>>>> nJ6Anj0+h1IFNMlQrCISSS0fnSj+mXMKDodZzV+cXFjdtoEXyqdDO0zphDMTRd8H
> >>>>>>>>> oI79XSm5IK6vcPR+g2UTkhgrX1xfgeqZ8hmw0L0mMMGHXclwwaAF9HRNomFt32gr
> >>>>>>>>> 1sVhFkhH/5epmgcl+8yI1E7UaQc91bYkUEuQFNu7irgc+/tvcXa4O4+dIfhnzrog
> >>>>>>>>> 8piYUk4dxGME8LknQ213Gow9cgEKzcYadJ4DIr6gChkvAnYpHHHafWj/Ksvxyii6
> >>>>>>>>> 8FxuTfgsrOYwkqEcSXeCGUS25nU9
> >>>>>>>>> -----END CERTIFICATE-----
> >>>>>>>>>      1 s:/CN=Kiprosh7
> >>>>>>>>>        i:/CN=Kiprosh7
> >>>>>>>>> -----BEGIN CERTIFICATE-----
> >>>>>>>>> MIICxjCCAa6gAwIBAgIJANsNRAs/ueOoMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
> >>>>>>>>> BAMTCEtpcHJvc2g3MB4XDTExMDgxMDA4MDEzMloXDTEyMDgwOTA4MDEzMlowEzER
> >>>>>>>>> MA8GA1UEAxMIS2lwcm9zaDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
> >>>>>>>>> AQDorxS4o/H/w7f+VYWkQk3gS7g7gWFd3S4eCVV35a3GEcyP2OS4pUhhZXyB0lN7
> >>>>>>>>> xmUHqeixx7aNRnrc130SQ4kke1fuxtdLjKxu+oeASMLCSkF356m8X5FhuTnPkf2W
> >>>>>>>>> x64i6nk9SOO+jdQo/kMChy0H7psKS5I2M0nb5WLxN/JOACNnxJOhFy8cGw7l32q6
> >>>>>>>>> rEfqLkdnZJR09fiuf0hEbb/UodOt2tXXGN0Pp3X2x4cXnD6E2Va9QSBYIvPAnWEn
> >>>>>>>>> FN2Te+Qwg+AxwHIkCjH9bfQ7fOeuGHAoanSnlqS5rW/T5sKKlkBl95WeJoTFjrCt
> >>>>>>>>> CVDLilsnLrfmZkg3ICQtPbgNAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
> >>>>>>>>> BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBGtbJQyQ1pWVo+7snqxCOn/KVN++Jo
> >>>>>>>>> 8YEB4/MGKgHyoTWRAa3IXOSPtpunW/6yDziwcLZeO09MATeKCCAJf64LXZr7aM6J
> >>>>>>>>> ZX6hFFNUyqa5w9AaZ4sAe70QwDYPS6dPqcyTab/DVVRGhJAKhUc2lX+UfcBhHYaz
> >>>>>>>>> egKDKyIybHMmcQQm//SO0jo3Ak0565ZAMCdaaO/9RNJpJSxJf+HSVUg4sPLe/sAK
> >>>>>>>>> QlXcdt8XlKsEKBzUHzfRvpbU/8gn1HO5G+CTvEW2kO6nssuKX41g5hMfRqu248TT
> >>>>>>>>> jbGWMkYFMPDY1m2QWPqzLvaETGOWHwqpVWXuMhu7/T5sduDf2n084ok7
> >>>>>>>>> -----END CERTIFICATE-----
> >>>>>>>>> ---
> >>>>>>>>> Server certificate
> >>>>>>>>> subject=/CN=Kiprosh7/O=server
> >>>>>>>>> issuer=/CN=Kiprosh7
> >>>>>>>>> ---
> >>>>>>>>> Acceptable client certificate CA names
> >>>>>>>>> /CN=Kiprosh7
> >>>>>>>>> ---
> >>>>>>>>> SSL handshake has read 1663 bytes and written 2276 bytes
> >>>>>>>>> ---
> >>>>>>>>> New, TLSv1/SSLv3, Cipher is AES256-SHA
> >>>>>>>>> Server public key is 2048 bit
> >>>>>>>>> Secure Renegotiation IS supported
> >>>>>>>>> Compression: NONE
> >>>>>>>>> Expansion: NONE
> >>>>>>>>> SSL-Session:
> >>>>>>>>>         Protocol  : TLSv1
> >>>>>>>>>         Cipher    : AES256-SHA
> >>>>>>>>>         Session-ID:
> >>>>>>>>> 8703D018C270CC932648333F61FE3C986CB336B7C8074ACF3560E415934E26F2
> >>>>>>>>>
> >>>>>>>>>         Session-ID-ctx:
> >>>>>>>>>         Master-Key:
> >>>>>>>>> F5B8C5666355EE6C78910EBB649A65740104537ACEBB28E4A23DF51EA5DE9E6A
> >>>>>>>>> FE3AC2C95B1929985DAFC09CDC6BDEAE
> >>>>>>>>>         Key-Arg   : None
> >>>>>>>>>         PSK identity: None
> >>>>>>>>>         PSK identity hint: None
> >>>>>>>>>         Start Time: 1312972974
> >>>>>>>>>         Timeout   : 300 (sec)
> >>>>>>>>>         Verify return code: 0 (ok)
> >>>>>>>>> ---
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>                    
> >>>>>>>> Thanks and Regards,
> >>>>>>>> Abhijit
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 8/10/2011 4:10 PM, Alexandru Scvorţov wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>                  
> >>>>>>>>>>> AMQP server protocol negotiation failure: server version
> >>>>>>>>>>> unknown-unknown, client version 0-9
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>                        
> >>>>>>>>> That means the client connected successfully but closed the connection
> >>>>>>>>> later because it wasn't talking to an AMQP server.
> >>>>>>>>>
> >>>>>>>>> That means that the client and certificates are fine, so the problem is
> >>>>>>>>> configuring the server.
> >>>>>>>>>
> >>>>>>>>> When you try the other command (the openssl s_client) on the server,
> >>>>>>>>> what output do you get?  Could you please post it?
> >>>>>>>>>
> >>>>>>>>> Alex
> >>>>>>>>>
> >>>>>>>>> On Wed, Aug 10, 2011 at 04:00:26PM +0530, Abhijit wrote:
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>                    
> >>>>>>>>>> yes sir
> >>>>>>>>>> no problem i thought so after looking at client cmd lines i did put
> >>>>>>>>>> slash instead of dot, and now am getting this errors:
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>                      
> >>>>>>>>>>> AMQP server protocol negotiation failure: server version
> >>>>>>>>>>> unknown-unknown, client version 0-9
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>                        
> >>>>>>>>>> Can you tell me what are next steps?
> >>>>>>>>>>
> >>>>>>>>>> Thanks and Regards,
> >>>>>>>>>> Abhijit
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 8/10/2011 3:57 PM, Alexandru Scvorţov wrote:
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>                      
> >>>>>>>>>>>> Am still getting the same error am using the same config file.
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>                          
> >>>>>>>>>>> Ok, but are you sure it's actually the file used by the server? (we had
> >>>>>>>>>>> some problems earlier about which file the server was using when started
> >>>>>>>>>>> from the command prompt or as a service)
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>                        
> >>>>>>>>>>>>> openssl s_server -accept 5671 -CAfile testca/cacert.pem -cert
> >>>>>>>>>>>>> server/cert.pem -key server.key.pem -state
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>                            
> >>>>>>>>>>> My mistake.  That should be:
> >>>>>>>>>>>         openssl s_server -accept 5671 -CAfile testca/cacert.pem -cert
> >>>>>>>>>>>         server/cert.pem -key server/key.pem -state
> >>>>>>>>>>>
> >>>>>>>>>>> (dot instead of slash in server.key.pem)
> >>>>>>>>>>>
> >>>>>>>>>>> BTW, if they're disposable, could you send the certificates and keys?
> >>>>>>>>>>> We've had problems before with the certificates generated by OpenSSL,
> >>>>>>>>>>> which were usually solved by using a different version.  Maybe this is
> >>>>>>>>>>> happening here.
> >>>>>>>>>>>
> >>>>>>>>>>> Cheers,
> >>>>>>>>>>> Alex
> >>>>>>>>>>>
> >>>>>>>>>>> On Wed, Aug 10, 2011 at 03:46:39PM +0530, Abhijit wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>                        
> >>>>>>>>>>>> hi sir,
> >>>>>>>>>>>>
> >>>>>>>>>>>> Am still getting the same error am using the same config file.
> >>>>>>>>>>>>
> >>>>>>>>>>>> But i was not able to run this command you sent me:
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>                          
> >>>>>>>>>>>>> openssl s_server -accept 5671 -CAfile testca/cacert.pem -cert
> >>>>>>>>>>>>> server/cert.pem -key server.key.pem -state
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>                            
> >>>>>>>>>>>> was getting an error: unable to load server certificate private key file.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thanks and Regards,
> >>>>>>>>>>>> Abhijit
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>                          
> >>>>>>>>>>
> >>>>>>>>>>                      
> >>>>>>>>
> >>>>>>>>                  
> >>>>>>
> >>>>>>              
> >>>>
> >>>>          
> >>      
> 

> -----BEGIN RSA PRIVATE KEY-----
> MIIEpAIBAAKCAQEAxt0TpBEhXsGZpQ5Uo5G/BJIgEAvHJti7g/zcsIZXYLv7dwj2
> pgvFcDBDC2UDRxFu8ZRBu2oPqhr/kXA/2KoW1g9Y5fG9LYFVNjKvw7Vr61d9zbNp
> 8kIF5zyGBxhZGL7AXpltIGaf7VRy/pwz8hhe0Nq4h12jQi7tfJusiUt9wz3a0f3H
> 98KtXkEmhydKgFrHkunBEOeSGzajOPnubRSyIpi9CCvS79by8UXZk5FVVQee+Rcu
> B0L8HjO+cFkcuFAH3si3wWymouaEDpWY1n0x2QZA0//FypsY1uBFr84cF6sUHIMI
> jdUgD7Bo2phqTcvlsttRuHiSr5C2+GRQo2EelQIDAQABAoIBAC+RGe2Ym17K+DFe
> 6Cfn6MTzHvA3oP9NwCymAzPGLohY7qFeZ4D4N9XJ9X94Pfx10w+94qsth2ms44yq
> SNtOc//n09/Mnu+PjA5WuWwarSGx38mgLKth13+kHnr7+/PLTMBT+qJRadee55K3
> UkWKRsO2TYUzhKWEDBJOOkrs37wfVx4mDs2X3UxjGSUgdvxw/xAfRZ+cn6Svf42t
> L1+4a7DOinAIlUh/NdRF2XVkf7skjCJu7vOO6i5ky++xxo5LK36kjb/PMDMEOA8d
> d36nGStSON8ltvZO90Y/WvF09hw3cI/qZ2wugdxYaAIkVbN5Aw6UHGTikPn8qcn+
> DF3I29ECgYEA92L1hUOY5ziU9clDhHbpLrlIyNREYrsFO0yMqE2t4OaAnURszjUD
> 1tqP7nNoq8qRxkfjtqxTsACjEj9WfqP0lQWEb8Emt9jg6Z2Uf6MGTXh+ijeMGPMR
> LidpCwP39F6bv7DEm3h+EwJVK0Rhb+mKgvhReM4nr28X892v26gP9jcCgYEAzcmd
> o2Mejnzv+G4J/E4p4XiFX/zYgCieCKnqi73xgdj2j31o1hJZYBkh/9hnBvVS6RrX
> 3G8ngwfUTxk0bAqH1sNRRiqFjpkWmjDl0PO7e+LsokX80Y2P1dPfdwQnje8Od8Vi
> M33j6zvURyXJ5EAWbWIKKHZR1k8TxtmD8u1Aq5MCgYEAttDDnbLBmQWgVy5fndF+
> KtAz8G2lB80rZZIBVBLrjwroOtApFA3rg2hK+y0ASgvNxFi19/XLdoJSABccZUPm
> aAYGw8taQHyeYSXZaqVf7/o+kQfRmVJu/MuU/dX18/nCYVtRP49Ao+2SYQIMe3Z7
> rKOzGXJHs4aGjeninpHJEesCgYBzwcKzwrDQlATkqPli/JDgbMwRt4gNZ0umMfZm
> jv0H/oSLKI9NQ9sUjG6snQ0vQ9ZUm63rKHeAZGoP6Gytjarlqs7P+mFQWlr1dyX/
> SOsggAB+M4JIWiobrOfZ6fNaCqwHwXdA4cLQcsIxF1ee1lIHS4vNQOk99RN52qc3
> gi/LkwKBgQCxwgAeINI2r1EFDC+k+hJ7Od4TkrZk7TvsgvwpnxQHkJpkYqAFjT4Z
> DXswdo+4gN70oN2fkrXGypIo/r+G20AI8VlBy91eIV1YI5GFGOs2q5by0+7UHV8h
> RVQeKHXsz5/hpSeF4wdJox1kqgySeluCA/mMt9i+jAyPz1xwK8U+aw==
> -----END RSA PRIVATE KEY-----



> -----BEGIN CERTIFICATE-----
> MIICxjCCAa6gAwIBAgIJALgBaefnAA8iMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
> BAMTCE15VGVzdENBMB4XDTExMDgxMTA3MTEyMFoXDTEyMDgxMDA3MTEyMFowEzER
> MA8GA1UEAxMITXlUZXN0Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
> AQDjrWFlQ6QBss2DVe6xiCmzyYbSm1zAu9gVwDWvrvkK3cSQ2Y9iA+IKQUXhmmq2
> EJHwLpapjG/6ZucWrIWEX+53vkSpGdia9hTsbxxOFueP8SaYM96/K3/cEV/JtSIO
> ylEwVTlwuuNvAfrnG8srgDtFuXYoFRKWMoLsd68kNAyTCJWWoYqe71V5poY+c2Zv
> rLofRwWcz7wRnEcvw5bj3eIl9jURMmGTHtSQMVEskokvuAm2xfNBXrgsdw04SDH6
> m8x5rXgvEu8wHUNCPx/4a8qcYGFLnTov5d8O0Bs3GLfhR7sYeTZt4L2BrTLuPUZ9
> cXCAQ+PmJUgYgytmjIbwDDAXAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
> BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBJL8UchryKVyoKtpkkVJd7O2PJO6Yh
> 21kq75Y+gvJ5iCxF9fVqOpNYerFFt+KR1uxAuHglse7DBJDmfplpvQ/FlmJonztP
> qeXfFKSiN4CRIHzCvrZOxX/CHTtnzjJ5ArmrTk71f9gkmeKhoZ1mhgHIqFMPjxhT
> u+5vK6S0TjcqyEeYnt6o794rz/sVLWOaDrGWxe2mZBq7wGajQq6xauyXWUovPWg8
> 1QNBDcpJb6BNrupK2AFONYI6BPpdMnl6m+PqwYXD3oZakMnNLoQLSYE8wD3ZQkTO
> V2upmgchnKN+qpfHHUGmilikc6FIUhcfSRGvTx63r1CvOFYPwGvJVoOL
> -----END CERTIFICATE-----

> -----BEGIN CERTIFICATE-----
> MIIC4DCCAcigAwIBAgIBATANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl
> c3RDQTAeFw0xMTA4MTEwNzEzNTBaFw0xMjA4MTAwNzEzNTBaMCMxEDAOBgNVBAMT
> B2FiaGlqaXQxDzANBgNVBAoTBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
> ADCCAQoCggEBAMbdE6QRIV7BmaUOVKORvwSSIBALxybYu4P83LCGV2C7+3cI9qYL
> xXAwQwtlA0cRbvGUQbtqD6oa/5FwP9iqFtYPWOXxvS2BVTYyr8O1a+tXfc2zafJC
> Bec8hgcYWRi+wF6ZbSBmn+1Ucv6cM/IYXtDauIddo0Iu7XybrIlLfcM92tH9x/fC
> rV5BJocnSoBax5LpwRDnkhs2ozj57m0UsiKYvQgr0u/W8vFF2ZORVVUHnvkXLgdC
> /B4zvnBZHLhQB97It8FspqLmhA6VmNZ9MdkGQNP/xcqbGNbgRa/OHBerFByDCI3V
> IA+waNqYak3L5bLbUbh4kq+QtvhkUKNhHpUCAwEAAaMvMC0wCQYDVR0TBAIwADAL
> BgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQAD
> ggEBALl7ostKoOKqa8ytOX8qsf7kxvW7Mw66NdRS7sBlM+jVaZHjCwxIAGe/QaGL
> c5P+aQx7lCFBSXPDD6sWsI59R8MSQTS0TJ8Ek4dB6Y8R6wRLtVCLGXLIeaNqP8BX
> lGb2Za42VV5O0iaDcyh+DGhZ77lJKOMZS/y6UzyqR8Q5oSNM/J8BvMr6eDHae31P
> Of2lRJAT2O3DdRqZjpVSrsNFLKM7GAeOctjVoPhNJuUTSCmW6lEtkC1ixDseoZIe
> o2Pz4kzSf66pgxM0IGKl5OeqGMht7SonhDS8Fda2fRITvgf+ZunD4Yw8ueoZnxQO
> rum0HrvwARjNTMA3lzrmagZntxk=
> -----END CERTIFICATE-----



More information about the rabbitmq-discuss mailing list