[rabbitmq-discuss] RabbitMQ-C SSL support

Lothe_Shashank Lothe_Shashank at mahindrasatyam.com
Fri Apr 26 13:10:24 BST 2013


Hi Alan,

Thanks for the prompt reply.
The <Server> used is localhost and the certificates are present in default /etc/ssl/ directory. I changed the rabbitmq.config at /etc/rabbitmq for certificate paths but it is still showing the same error. Please note that if I run example programs without SSL, rabbitmq is working fine. for example if I try amqp_listner instead of amqps_listner it is working fine.
Is there any way to validate these certificates?

regards,
Shashank

Date: Fri, 26 Apr 2013 07:10:21 +0000
From: Lothe_Shashank <Lothe_Shashank at mahindrasatyam.com>
Subject: [rabbitmq-discuss] RabbitMQ-C SSL support
To: "rabbitmq-discuss at lists.rabbitmq.com"
        <rabbitmq-discuss at lists.rabbitmq.com>
Message-ID:
        <DD7729D61B083D48A2CDCB66A27AD4C98C12E3 at BSDMSATMBX001.mahindrasatyam.ad>

Content-Type: text/plain; charset="iso-8859-1"

Hi,

I downloaded Rabbitmq--c-master fromhttps://github.com/alanxz/rabbitmq-c/tree/ssl. I understand that this package supports SSL functionalities for rabbitmq-c. I were able to compile and install this package and examples provided in it.

Steps I followed on server side:
step - 1.Created own CA and generated  the key
* For creating CA I followed this link http://www.rabbitmq.com/ssl.html
step-2:Next I created our own rabbitmq.config at /etc/rabbitmq .
[
  {rabbit, [
     {ssl_listeners, [5672]},
     {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},
                    {certfile,"/path/to/server/cert.pem"},
                    {keyfile,"/path/to/server/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

step-3: Then I executed the program using following command
 ./amqps_listen <Server> 5672 amq.direct AAA "/<PATH_TO>/cacert.pem"  "<PATH_TO/key.pem" "<PATH_TO/cert.pem"

amqp_socket_open is failing with following message displayed on console:
opening SSL/TLS connection

I disabled firewall on server [sudo ufw disable] but still the same error. Kindly suggest.

Thanks and regards,
Shashank

________________________________

DISCLAIMER:
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130426/ae81a67f/attachment-0001.htm>

------------------------------

Message: 21
Date: Fri, 26 Apr 2013 00:33:58 -0700
From: Alan Antonuk <alan.antonuk at gmail.com>
Subject: Re: [rabbitmq-discuss] RabbitMQ-C SSL support
To: Discussions about RabbitMQ <rabbitmq-discuss at lists.rabbitmq.com>
Message-ID:
        <CAAt2poJKDhpQ_4A-YGqDUNFrY+ZFSpP1dXL9Z8-Hq5zgjBUpwQ at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

By default rabbitmq-c verifies that the hostname you're connecting to
matches that of the CN on the SSL certificate of the host you're connecting
to.

When you specified the <Server> in amqp_listen does it match what you
specified when you created the server certificate?


________________________________

DISCLAIMER:
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.


More information about the rabbitmq-discuss mailing list