RabbitMQ clustering with SSL

ramviv.123 at gmail.com ramviv.123 at gmail.com
Tue Aug 13 17:00:57 BST 2013


    We are setting up a RabbitMQ env with clustering on the LAN and 
federated on the WAN.  We also intend to use consistent hash on the 
receiver side.  We were able to successfully set up a federated 
configuration with SSL enabled.  But we are having issues trying to set up 
SSL with clusters.  We are using RabbitMQ 3.1.3 with Erlang 
version  We have set up the Erlang config based on 
http://www.erlang.org/doc/apps/ssl/ssl_distribution.html.   I am able 
to connect through an Erlang client-server program to send data back and forth, 
so I know that SSL with Erlang works.  But when I bring up RabbitMQ with 
clusters and take a TCP dump of the packets, the data transfer seems to be 
clear text.  Is there a way to check if the clusters are configured for SSL 
by any other means?  Also, I would appreciate it if someone could point out what 
I am doing wrong here.  Here is the env file (rabbitmq-env.conf):

SERVER_START_ARGS="-boot /usr/lib64/erlang/releases/R15B03/start_ssl 
-proto_dist inet_tls"
#SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_portprogram_dir 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_cacertfile 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_certfile 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_keyfile 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt server_verify 1"
server_fail_if_no_peer_cert true"
server_secure_renegotiate true"
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_cacertfile 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_certfile 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_keyfile 
SERVER_START_ARGS="${SERVER_START_ARGS} -ssl_dist_opt client_verify 1"
client_secure_renegotiate true"

Here is the rabbitmq.config for clustering and ssl option set for other 

[nn-vmrh5: /etc/rabbitmq]vi rabbitmq.config
    {rabbit, [
        {default_vhost, <<"alert">>},
        {tcp_listeners, [5672]},
        {ssl_listeners, [5671]},
        {rabbitmq_tracing, [{username, "guest"}]},
        {cluster_nodes, ['rabbit@nn-vmrh5','rabbit@nn-vmrh5g']},
        {ssl_options, [{cacertfile,"/etc/openssl/all_cacerts.pem"},
                       {fail_if_no_peer_cert,true}] },
        {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
        {ssl_cert_login_from, common_name},
        {log_levels, [{connection, info}]}
    ] }

   Would really appreciate any help on this.
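
An added example, not part of the original post: one way to check a capture is to classify the first bytes the connecting node sends on the inter-node (distribution) port, which are a TLS handshake record under `-proto_dist inet_tls` and a cleartext `send_name` message otherwise. The function name, sample bytes and flag value are constructed for illustration; the epmd lookup on port 4369 is cleartext either way, so it is not the connection to inspect.

```python
import struct

TLS_HANDSHAKE = 0x16  # TLS record content type used for ClientHello


def classify_dist_stream(first_bytes: bytes) -> str:
    """Classify the first client-to-server bytes of one inter-node TCP stream.

    Returns "tls", "cleartext-dist" or "unknown".
    """
    if len(first_bytes) < 5:
        return "unknown"
    # TLS record header: type(1) major(1) minor(1) length(2)
    ctype, major, minor, rec_len = struct.unpack(">BBBH", first_bytes[:5])
    if ctype == TLS_HANDSHAKE and major == 3 and minor <= 4 and 0 < rec_len <= 16384:
        return "tls"
    # Cleartext distribution handshake (R15B-era send_name):
    # length(2) 'n' version(2) flags(4) node-name
    (msg_len,) = struct.unpack(">H", first_bytes[:2])
    body = first_bytes[2:2 + msg_len]
    if msg_len >= 8 and body[:1] == b"n" and b"@" in body[7:]:
        return "cleartext-dist"
    return "unknown"


def sample_cleartext(node: str) -> bytes:
    """Constructed send_name message; the flags value is arbitrary."""
    body = b"n" + struct.pack(">HI", 5, 0x7FFD) + node.encode()
    return struct.pack(">H", len(body)) + body


# Constructed samples, not taken from a real capture.
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01])
SAMPLE_EPMD = b"\x00\x07zrabbit"  # epmd PORT_PLEASE2_REQ (tag 122) on port 4369

if __name__ == "__main__":
    samples = {
        "tls record": SAMPLE_TLS,
        "cleartext send_name": sample_cleartext("rabbit@nn-vmrh5"),
        "epmd lookup": SAMPLE_EPMD,
    }
    for label, data in samples.items():
        print(f"{label:20s} -> {classify_dist_stream(data)}")
```

Feed it the first payload bytes of a connection to the port epmd reports for the `rabbit` node, not the AMQP listeners on 5672/5671.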

