[rabbitmq-discuss] Help with the SSL tutorial on Windows Server 2008

Wiessler, Wolfgang wolfgang.wiessler at siemens.com
Wed Jun 13 11:00:22 BST 2012


Thanks Emile and Michael for you help. I installed OpenSSL (the 32 Bit version on the 64 Bit Windows as stated in the tutorial). I successfully generated the certificates according to the tutorial. But now I am running into a problem when starting the RabbitMQ Service. It terminates right away without any specific error. In the event viewer "System" log, I get the following error:

--------
RabbitMQ: Erlang machine stopped instantly (distribution name conflict?). The service is not restarted as OnFail is set to ignore.
--------

My config file looks like this (the paths are correct):
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,C:/Messaging/testca/cacert.pem},
                    {certfile,C:/Messaging/server/cert.pem},
                    {keyfile,C:/Messaging/server/key.pem},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

I cannot find any more details on this error. The log file is empty. Any idea what might cause this? Are the generated certificates incorrect? Surprisingly, the service starts fine if I replace the values with invalid dummy entries.

-Wolfgang



-----Original Message-----
From: Emile Joubert [mailto:emile at rabbitmq.com] 
Sent: Mittwoch, 13. Juni 2012 10:55
To: Wiessler, Wolfgang
Cc: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] Help with the SSL tutorial on Windows Server 2008

Hi Wolfgang,

On 12/06/12 17:15, Wiessler, Wolfgang wrote:
> Now I would like to create my own Certificate Authority and create 
> certificates. The example in the tutorial seems to be using UNIX and 
> does not show where to expect certain executables (e.g. openssl). I 
> cannot find the file when I am searching for it on my server. Also 
> certain UNIX commands are not available in Windows and I am not sure 
> if they are required under windows or what the equivalent is (chmod, touch).

If you wish to follow the steps verbatim on Windows then install Cygwin.
The examples assume that you have the OpenSSL binaries and utilities on your PATH. You can do the same on WINDOWS.

> Could somebody please shed some light on what is missing? Do I need to 
> install anything else? The tutorial is mentioning certain extra steps 
> for Erlang R13B, but I am using R15B so I can ignore these steps?

You don't have to use OpenSSL. If you have your own PKI then feel free to use that. You will need to refer to the documentation of your PKI provider and ensure that certificates and keys are in the correct format.

If you choose to use OpenSSL for creating and signing certificates then you will need to install it first. See http://www.openssl.org/related/binaries.html

On average later versions of Erlang have fewer SSL bugs than earlier versions. Using R15B (or later) should be fine.



-Emile




More information about the rabbitmq-discuss mailing list