[rabbitmq-discuss] RabbitMQ, SSL, .NET Client

Emile Joubert emile at rabbitmq.com
Tue Sep 20 21:02:12 BST 2011


Hi Jeremy,

On 20/09/11 18:14, jeremyalan wrote:
> 
>> For a test I would instead suggest creating certificates in the way
>> described here:
>> http://www.rabbitmq.com/ssl.html
> 
> I've attempted to regenerate self-signed certificates, and have not had any
> luck getting the .NET client to connect.  I tried loading the certs in .pem
> format, but that didn't work, apparently because .NET does not work well
> with PEM files, so I converted them to .cer format, using the following
> command:

The need for DER format and the required openssl commands are documented
here:
https://www.rabbitmq.com/ssl.html#keys-and-certs

>> The common name (CN) field is expected to contain the hostname.
> 
> I'm not sure what the proper hostname should be, since everything is running
> on localhost.  

On Windows you can substitute %COMPUTERNAME%.

>> It is possible that you are attempting to connect to the SSL port with a
>> client that is not configured to use SSL. Could that be the case?
>> Confirm the port numbers that are set up in your configuration file.
> 
> The port numbers are configured properly.  I can't say for sure

The default (unencrypted) AMQP port is specified as 5672 in the protocol
and the default SSL port is defined as 5671 in the AmqpTcpEndpoint class.

The following diagnostic test can help to distinguish between the two
kinds of ports.

non-SSL test:
If you connect to the port using telnet or netcat, and send the string
"AMQP^A^A^I^A" then you will either get a reply from the server or the
connection will close. If you get a reply containing "PLAIN AMQPLAIN"
then you have connected to a non-SSL port. If the connection drops while
generating "record overflow" broker logfile entries then try the SSL test.

SSL test:
If you connect with "openssl s_client -connect <host>:<port>" and an SSL
session gets established then you have connected to an SSL port.
(Sending "AMQP^A^A^I^A" and carriage return at this point should also
yield output containing "PLAIN AMQPLAIN".) If you get an "unknown
protocol" SSL error then you are probably not connecting to an SSL port
- try the non-SSL test.

The error message you report is consistent with attempting to establish
a non-SSL connection to a port on the server which expects SSL
connections. Carefully check the broker configuration file ensuring that
the results from the diagnostic tests are consistent with it. Then
check that the default example works correctly before elaborating on it:
https://www.rabbitmq.com/ssl.html#code-snippet



-Emile
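
The two diagnostic tests described in the message above, as an added Python example that is not part of the original post. The function names and return strings are assumptions chosen here, and treating a TLS alert record as a "try the SSL test" signal is an addition beyond what the message describes.

```python
import socket
import ssl

# Header from the message: "AMQP" then ^A ^A ^I ^A (0x01 0x01 0x09 0x01).
AMQP_HEADER = b"AMQP\x01\x01\x09\x01"
MARKER = b"PLAIN AMQPLAIN"  # reply text the message says to look for


def classify_plain(reply):
    """Interpret the bytes received after sending AMQP_HEADER in the clear."""
    if MARKER in reply:
        return "non-ssl"
    # Dropped connection, or a TLS alert record (type 0x15, major version 3).
    if not reply or reply[:2] == b"\x15\x03":
        return "try-ssl"
    return "unknown"


def plain_probe(host, port, timeout=3.0):
    """Non-SSL test: the telnet/netcat step."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(AMQP_HEADER)
            return s.recv(4096)
    except OSError:  # reset, timeout, refused
        return b""


def ssl_probe(host, port, timeout=3.0):
    """SSL test: the openssl s_client step, then the same header."""
    ctx = ssl.create_default_context()
    # Diagnostic only (asks "is this TLS?", not "is it trusted?"); never reuse.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as s:  # handshake happens here
                try:
                    s.sendall(AMQP_HEADER)
                    reply = s.recv(4096)
                except OSError:
                    reply = b""
                return "ssl" if MARKER in reply else "ssl-no-amqp-reply"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "not-ssl"


def diagnose(host, port):
    verdict = classify_plain(plain_probe(host, port))
    return ssl_probe(host, port) if verdict == "try-ssl" else verdict
```

Call `diagnose(host, port)` against each listener in the broker configuration and compare the verdicts with what the file says. A broker that demands a client certificate may reject this handshake and be reported as "not-ssl".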

