[rabbitmq-discuss] SSL: error on AMQP connection

Jain, Punit Punit.Jain at emc.com
Fri Nov 15 05:32:29 GMT 2013 

Hi All,
We have existing tomcat server certificates, and I want to use them for RabbitMQ server certificates. I got following error while trying to use them:
=INFO REPORT==== 15-Nov-2013::04:39:51 ===
accepting AMQP connection <0.547.0> (127.0.0.1:4511 -> 127.0.0.1:5671)

=ERROR REPORT==== 15-Nov-2013::04:39:51 ===
SSL: 1130: error:{error,{asn1,{-4,71},
                                                                <<126,41,137,36,177,124,89,72,229,70,26,240,
                                                                228,51,215,203,103,255, ...
                                                                19,218,198,115>>}} /etc/ipsec.d/private/webServerHostkeyFile.pem
  [{public_key,der_decode,2,[{file,"public_key.erl"},{line,170}]},
   {ssl_connection,init_private_key,5,
                   [{file,"ssl_connection.erl"},{line,1127}]},
   {ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1064}]},
   {ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,316}]},
   {gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,361}]},
   {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]

=ERROR REPORT==== 15-Nov-2013::04:39:56 ===
error on AMQP connection <0.547.0>: {ssl_upgrade_error,ekeyfile} (unknown POSIX error)

My config file is:
[{rabbit, [
        {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']},
        {heartbeat, 30},
        {tcp_listeners, [5672]},
        {ssl_listeners, [5671]},
        {ssl_cert_login_from, common_name},
        {ssl_options, [{cacertfile, "/etc/ipsec.d/cacerts/strongswanCert.pem"},
                {certfile, "/etc/ipsec.d/certs/webServerHostCertFile.pem"},
                {keyfile, "/etc/ipsec.d/private/webServerHostkeyFile.pem"},
                {verify, verify_peer},
                {fail_if_no_peer_cert, false}]}
        ]}
].

The keyfile is as below:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9A1AE0009DF93364
CMYIoAKEhKXZK0dvsTnhAIIT8EQJtWSr/HlxTUAzZavi....
-----END RSA PRIVATE KEY-----

This seems to be encrypted. Could this be the cause of above error? How can I resolve this?

Thanks in Advance!
-Punit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20131115/7b403556/attachment.htm>

More information about the rabbitmq-discuss mailing list