[rabbitmq-discuss] RabbitMQ-C SSL support

Alan Antonuk alan.antonuk at gmail.com
Fri Apr 26 15:43:38 BST 2013


Run the following command against the server certificate:

openssl x509 -noout -in /path/to/server/cert.pem -subject

It'll print out the subject of the certificate, the bit you're interested
in is the CN. This must match the hostname you try to connect to. (e.g.,
the hostname you use in the amqps_listen command).


On Fri, Apr 26, 2013 at 5:10 AM, Lothe_Shashank <
Lothe_Shashank at mahindrasatyam.com> wrote:

> Hi Alan,
>
> Thanks for the prompt reply.
> The <Server> used is localhost and the certificates are present in default
> /etc/ssl/ directory. I changed the rabbitmq.config at /etc/rabbitmq for
> certificate paths but it is still showing the same error. Please note that
> if I run example programs without SSL, rabbitmq is working fine. for
> example if I try amqp_listner instead of amqps_listner it is working fine.
> Is there any way to validate these certificates?
>
> regards,
> Shashank
>
> Date: Fri, 26 Apr 2013 07:10:21 +0000
> From: Lothe_Shashank <Lothe_Shashank at mahindrasatyam.com>
> Subject: [rabbitmq-discuss] RabbitMQ-C SSL support
> To: "rabbitmq-discuss at lists.rabbitmq.com"
>         <rabbitmq-discuss at lists.rabbitmq.com>
> Message-ID:
>         <
> DD7729D61B083D48A2CDCB66A27AD4C98C12E3 at BSDMSATMBX001.mahindrasatyam.ad>
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I downloaded Rabbitmq--c-master fromhttps://
> github.com/alanxz/rabbitmq-c/tree/ssl. I understand that this package
> supports SSL functionalities for rabbitmq-c. I were able to compile and
> install this package and examples provided in it.
>
> Steps I followed on server side:
> step - 1.Created own CA and generated  the key
> * For creating CA I followed this link http://www.rabbitmq.com/ssl.html
> step-2:Next I created our own rabbitmq.config at /etc/rabbitmq .
> [
>   {rabbit, [
>      {ssl_listeners, [5672]},
>      {ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},
>                     {certfile,"/path/to/server/cert.pem"},
>                     {keyfile,"/path/to/server/key.pem"},
>                     {verify,verify_peer},
>                     {fail_if_no_peer_cert,false}]}
>    ]}
> ].
>
> step-3: Then I executed the program using following command
>  ./amqps_listen <Server> 5672 amq.direct AAA "/<PATH_TO>/cacert.pem"
>  "<PATH_TO/key.pem" "<PATH_TO/cert.pem"
>
> amqp_socket_open is failing with following message displayed on console:
> opening SSL/TLS connection
>
> I disabled firewall on server [sudo ufw disable] but still the same error.
> Kindly suggest.
>
> Thanks and regards,
> Shashank
>
> ________________________________
>
> DISCLAIMER:
> This email (including any attachments) is intended for the sole use of the
> intended recipient/s and may contain material that is CONFIDENTIAL AND
> PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or
> distribution or forwarding of any or all of the contents in this message is
> STRICTLY PROHIBITED. If you are not the intended recipient, please contact
> the sender by email and delete all copies; your cooperation in this regard
> is appreciated.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130426/ae81a67f/attachment-0001.htm
> >
>
> ------------------------------
>
> Message: 21
> Date: Fri, 26 Apr 2013 00:33:58 -0700
> From: Alan Antonuk <alan.antonuk at gmail.com>
> Subject: Re: [rabbitmq-discuss] RabbitMQ-C SSL support
> To: Discussions about RabbitMQ <rabbitmq-discuss at lists.rabbitmq.com>
> Message-ID:
>         <
> CAAt2poJKDhpQ_4A-YGqDUNFrY+ZFSpP1dXL9Z8-Hq5zgjBUpwQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> By default rabbitmq-c verifies that the hostname you're connecting to
> matches that of the CN on the SSL certificate of the host you're connecting
> to.
>
> When you specified the <Server> in amqp_listen does it match what you
> specified when you created the server certificate?
>
>
> ________________________________
>
> DISCLAIMER:
> This email (including any attachments) is intended for the sole use of the
> intended recipient/s and may contain material that is CONFIDENTIAL AND
> PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or
> distribution or forwarding of any or all of the contents in this message is
> STRICTLY PROHIBITED. If you are not the intended recipient, please contact
> the sender by email and delete all copies; your cooperation in this regard
> is appreciated.
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130426/be16aa9d/attachment.htm>


More information about the rabbitmq-discuss mailing list