[rabbitmq-discuss] Errors during SSL configuration
Jain, Punit
Punit.Jain at emc.com
Mon Nov 11 10:46:46 GMT 2013
Hi All,
I was trying to configure SSL as instructed in http://www.rabbitmq.com/ssl.html. My configuration file is:
[
  {rabbit, [
    {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
    {heartbeat, 30},
    {tcp_listeners, [5672]},
    {ssl_listeners, [5671]},
    {ssl_cert_login_from, common_name},
    {ssl_options, [{cacertfile, "/home/service/ssl/testca/cacert.pem"},
                   {certfile, "/home/service/ssl/server/cert.pem"},
                   {keyfile, "/home/service/ssl/server/key.pem"},
                   {verify, verify_peer},
                   {fail_if_no_peer_cert, false}]}
  ]}
].
But when I try to establish an SSL connection using Pika, I get the following error:
=INFO REPORT==== 11-Nov-2013::09:56:42 ===
accepting AMQP connection <0.557.0> ([::1]:10538 -> [::1]:5671)
=ERROR REPORT==== 11-Nov-2013::09:56:42 ===
SSL: 1089: error:{error,{badmatch,{error,eacces}}} /home/service/ssl/testca/cacert.pem
[{ssl_connection,init_certificates,2,
[{file,"ssl_connection.erl"},{line,1086}]},
{ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1062}]},
{ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,316}]},
{gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,361}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]
=INFO REPORT==== 11-Nov-2013::09:56:42 ===
accepting AMQP connection <0.561.0> (127.0.0.1:11194 -> 127.0.0.1:5671)
=ERROR REPORT==== 11-Nov-2013::09:56:42 ===
SSL: 1089: error:{error,{badmatch,{error,eacces}}} /home/service/ssl/testca/cacert.pem
[{ssl_connection,init_certificates,2,
[{file,"ssl_connection.erl"},{line,1086}]},
{ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1062}]},
{ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,316}]},
{gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,361}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]
=INFO REPORT==== 11-Nov-2013::09:56:44 ===
accepting AMQP connection <0.568.0> (127.0.0.1:28830 -> 127.0.0.1:5672)
=ERROR REPORT==== 11-Nov-2013::09:56:47 ===
error on AMQP connection <0.557.0>: {ssl_upgrade_error,ecacertfile} (unknown POSIX error)
=ERROR REPORT==== 11-Nov-2013::09:56:47 ===
error on AMQP connection <0.561.0>: {ssl_upgrade_error,ecacertfile} (unknown POSIX error)
The certificate files have permissions as below:
-rw-r--r-- 1 service users 1070 Nov 11 07:58 client/cert.pem
-rw-r--r-- 1 service users 2349 Nov 11 07:58 client/keycert.p12
-rw-r--r-- 1 service users 1675 Nov 11 07:57 client/key.pem
-rw-r--r-- 1 service users 924 Nov 11 07:58 client/req.pem
-rw-r--r-- 1 service users 1070 Nov 11 07:57 server/cert.pem
-rw-r--r-- 1 service users 2349 Nov 11 07:57 server/keycert.p12
-rw-r--r-- 1 service users 1675 Nov 11 07:56 server/key.pem
-rw-r--r-- 1 service users 924 Nov 11 07:56 server/req.pem
-rw-r--r-- 1 service users 714 Nov 11 07:55 testca/cacert.cer
-rw-r--r-- 1 service users 1021 Nov 11 07:55 testca/cacert.pem
-rw-r--r-- 1 service users 116 Nov 11 07:58 testca/index.txt
-rw-r--r-- 1 service users 21 Nov 11 07:58 testca/index.txt.attr
-rw-r--r-- 1 service users 21 Nov 11 07:57 testca/index.txt.attr.old
-rw-r--r-- 1 service users 58 Nov 11 07:57 testca/index.txt.old
-rw-r--r-- 1 service users 2567 Nov 11 07:55 testca/openssl.cnf
-rw-r--r-- 1 service users 3 Nov 11 07:58 testca/serial
-rw-r--r-- 1 service users 3 Nov 11 07:57 testca/serial.old
testca/certs:
total 8
-rw-r--r-- 1 service users 1070 Nov 11 07:57 01.pem
-rw-r--r-- 1 service users 1070 Nov 11 07:58 02.pem
testca/private:
total 4
-rw-r--r-- 1 service users 1679 Nov 11 07:55 cakey.pem
I googled it and found out that the issue is related to permissions. I gave everyone full access, but it still doesn't solve the issue. Can you please help me fix this?
Thanks in Advance!
-Punit
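An added example, not part of the original post: `eacces` on a file that is itself world-readable can come from a parent directory that the broker's OS user cannot search, which the listing above does not show. The sketch walks each path component with a mode-bit check; the 0700 home directory mode, the uid and the helper names are assumptions for illustration.

```python
import os
import tempfile

def allowed(st, uid, gids, need):
    """Classic POSIX mode-bit check: owner, else group, else other (r=4, x=1).
    Ignores ACLs, root's bypass and SELinux/AppArmor."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & need) == need

def first_blocker(path, uid, gids, start=os.sep):
    """Walk from `start` down to `path` and return (component, reason) for the
    first one that would give this user EACCES, or None if the file is readable."""
    path, current = os.path.realpath(path), os.path.realpath(start)
    for name in os.path.relpath(path, current).split(os.sep):
        # Looking up `name` requires search (x) permission on its directory.
        if not allowed(os.stat(current), uid, gids, 1):
            return current, "directory not searchable (x) by this user"
        current = os.path.join(current, name)
    if not allowed(os.stat(current), uid, gids, 4):
        return current, "file not readable (r) by this user"
    return None

def demo():
    """Constructed tree shaped like the post's paths: a 0644 CA file under a
    0700 home directory, checked for a uid that is not the owner."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home", "service")
    ca = os.path.join(home, "ssl", "testca", "cacert.pem")
    os.makedirs(os.path.dirname(ca))
    open(ca, "w").close()
    os.chmod(ca, 0o644)
    for d in (base, os.path.dirname(home), os.path.join(home, "ssl"), os.path.dirname(ca)):
        os.chmod(d, 0o755)
    os.chmod(home, 0o700)                  # assumed mode, not shown in the post
    broker_uid = os.getuid() + 1           # constructed: any uid other than the owner
    before = first_blocker(ca, broker_uid, set(), start=base)
    os.chmod(home, 0o711)                  # grant search only, no directory listing
    after = first_blocker(ca, broker_uid, set(), start=base)
    return os.path.realpath(home), before, after

if __name__ == "__main__":
    home, before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a real host, pass the uid and group ids of the account the broker runs as instead of the constructed uid. The listing also shows `server/key.pem` as world-readable; a private key is normally readable only by the service account that uses it.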