[rabbitmq-discuss] Problems with rabbitmq-auth-mechanism-ssl
Jiri Krutil
jiri at krutil.com
Tue Feb 22 10:17:37 GMT 2011
Hi
I have upgraded my server and Java client to 2.3.1 and I'm trying the
new SASL EXTERNAL authentication mechanism using
rabbitmq-auth-mechanism-ssl plugin.
My rabbitmq.config contains:
[
{rabbit, [
{ssl_listeners, [{"0.0.0.0",5671}]},
{ssl_options, [
{cacertfile,"/home/alpha/ssl/ca/cacert.pem"},
{certfile,"/home/alpha/ssl/server/servercert.pem"},
{keyfile,"/home/alpha/ssl/server/serverkey.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,true},
{auth_mechanisms,['EXTERNAL']}
]}
]}
].
I'm connecting from a Java client using a client certificate. The SSL
handshake seems to work, but I can't seem to get the cert-based
authentication working. My client cert has subject= /CN=CXAPI001
Not sure what should I do on the client side. Something like
connectionFactory.setSaslConfig(new DefaultSaslConfig())?
This is what I'm getting in the server log:
=INFO REPORT==== 22-Feb-2011::10:22:05 ===
accepted TCP connection on 0.0.0.0:5671 from 172.20.12.132:1940
=INFO REPORT==== 22-Feb-2011::10:22:05 ===
starting TCP connection <0.325.0> from 172.20.12.132:1940
=INFO REPORT==== 22-Feb-2011::10:22:05 ===
upgraded TCP connection <0.325.0> to SSL
=ERROR REPORT==== 22-Feb-2011::10:22:08 ===
exception on TCP connection <0.325.0> from 172.20.12.132:1940
{channel0_error,starting,
{amqp_error,access_refused,
"PLAIN login refused: user 'guest' -
invalid credentials",
'connection.start_ok'}}
More information about the rabbitmq-discuss
mailing list