[rabbitmq-discuss] Not able to get ssl working with rabbitMQ server
Kausik Chattopadhyay
connect_kausik at yahoo.com
Wed Jan 22 06:43:49 GMT 2014
Hi,
I am trying to configure a RabbitMQ server with SSL. However, it is not working. I was just trying to make sure that my server configuration is fine, and I used openssl s_client as per http://www.rabbitmq.com/troubleshooting-ssl.html
Could you please help me find the problem with my setup?
Thanks
Kausik
CLIENT SIDE LOG:
root@master1:~# openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
SERVER SIDE LOG:
root@master1:~/client# service rabbitmq-server restart
* Restarting message broker rabbitmq-server [ OK ]
root@master1:~/client# tail -f /var/log/rabbitmq/rabbit@master1.log
Statistics database started.
=INFO REPORT==== 21-Jan-2014::14:09:13 ===
Server startup complete; 6 plugins started.
* amqp_client
* mochiweb
* rabbitmq_management
* rabbitmq_management_agent
* rabbitmq_web_dispatch
* webmachine
=INFO REPORT==== 21-Jan-2014::14:10:44 ===
accepting AMQP connection <0.320.0> (127.0.0.1:34076 -> 127.0.0.1:5671)
=ERROR REPORT==== 21-Jan-2014::14:10:44 ===
SSL: 1089: error:{error,{badmatch,{error,eacces}}} /root/testca/cacert.pem
[{ssl_connection,init_certificates,2,
[{file,"ssl_connection.erl"},{line,1086}]},
{ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1062}]},
{ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,316}]},
{gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,361}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]
=ERROR REPORT==== 21-Jan-2014::14:10:49 ===
error on AMQP connection <0.320.0>: {ssl_upgrade_error,ecacertfile} (unknown POSIX error)
----------------------------------------------
My server-side configuration is as follows.
I have provided root privileges to user "rabbitmq".
root@master1:~/client# rabbitmqctl environment
Application environment of node rabbit@master1 ...
[{auth_backends,[rabbit_auth_backend_internal]},
{auth_mechanisms,['PLAIN','AMQPLAIN','EXTERNAL']},
{backing_queue_module,rabbit_variable_queue},
{cluster_nodes,{[],disc}},
{cluster_partition_handling,ignore},
{collect_statistics,fine},
{collect_statistics_interval,5000},
{default_permissions,[<<".*">>,<<".*">>,<<".*">>]},
{default_user,<<"guest">>},
{default_user_tags,[administrator]},
{default_vhost,<<"/">>},
{delegate_count,16},
{disk_free_limit,50000000},
{enabled_plugins_file,"/etc/rabbitmq/enabled_plugins"},
{error_logger,{file,"/var/log/rabbitmq/rabbit@master1.log"}},
{frame_max,131072},
{halt_on_upgrade_failure,true},
{heartbeat,580},
{hipe_compile,false},
{hipe_modules,[rabbit_reader,rabbit_channel,gen_server2,rabbit_exchange,
rabbit_command_assembler,rabbit_framing_amqp_0_9_1,
rabbit_basic,rabbit_event,lists,queue,priority_queue,
rabbit_router,rabbit_trace,rabbit_misc,rabbit_binary_parser,
rabbit_exchange_type_direct,rabbit_guid,rabbit_net,
rabbit_amqqueue_process,rabbit_variable_queue,
rabbit_binary_generator,rabbit_writer,delegate,gb_sets,lqueue,
sets,orddict,rabbit_amqqueue,rabbit_limiter,gb_trees,
rabbit_queue_index,rabbit_exchange_decorator,gen,dict,ordsets,
file_handle_cache,rabbit_msg_store,array,
rabbit_msg_store_ets_index,rabbit_msg_file,
rabbit_exchange_type_fanout,rabbit_exchange_type_topic,mnesia,
mnesia_lib,rpc,mnesia_tm,qlc,sofs,proplists,credit_flow,pmon,
ssl_connection,tls_connection,ssl_record,tls_record,gen_fsm,
ssl]},
{included_applications,[]},
{log_levels,[{connection,info}]},
{msg_store_file_size_limit,16777216},
{msg_store_index_module,rabbit_msg_store_ets_index},
{plugins_dir,"/usr/lib/rabbitmq/lib/rabbitmq_server-3.2.2/sbin/../plugins"},
{plugins_expand_dir,"/var/lib/rabbitmq/mnesia/rabbit@master1-plugins-expand"},
{queue_index_max_journal_entries,65536},
{reverse_dns_lookups,false},
{sasl_error_logger,{file,"/var/log/rabbitmq/rabbit@master1-sasl.log"}},
{server_properties,[]},
{ssl_apps,[asn1,crypto,public_key,ssl]},
{ssl_cert_login_from,common_name},
{ssl_listeners,[5671]},
{ssl_options,[{cacertfile,"/root/testca/cacert.pem"},
{certfile,"/root/server/cert.pem"},
{keyfile,"/root/server/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]},
{tcp_listen_options,[binary,
{packet,raw},
{reuseaddr,true},
{backlog,128},
{nodelay,true},
{linger,{true,0}},
{exit_on_close,false}]},
{tcp_listeners,[5672]},
{trace_vhosts,[]},
{vm_memory_high_watermark,0.4},
{vm_memory_high_watermark_paging_ratio,0.5}]
...done.
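
The `eacces` in the server log above is POSIX EACCES (permission denied), reported while the broker opened /root/testca/cacert.pem. The following is an added example, not part of the original post: it walks every path component of the three ssl_options files and lists the ones whose mode bits deny a given user, here assumed to be the "rabbitmq" account the post mentions.

```python
import os
import pwd
import stat
import sys

# Paths copied from the ssl_options shown by `rabbitmqctl environment` above.
TLS_FILES = ["/root/testca/cacert.pem", "/root/server/cert.pem", "/root/server/key.pem"]

def _allowed(st, uid, gids, bits):
    """Pick the owner, group or other bit the way the kernel does (uid 0 bypasses)."""
    owner_bit, group_bit, other_bit = bits
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def denied_components(path, uid, gids):
    """List (component, needed_permission) pairs that give EACCES for uid/gids.

    Only classic mode bits are evaluated; ACLs, AppArmor and SELinux are not.
    """
    path = os.path.realpath(path)
    prefixes = [path]
    while os.path.dirname(prefixes[-1]) != prefixes[-1]:
        prefixes.append(os.path.dirname(prefixes[-1]))
    denied = []
    for p in reversed(prefixes):  # walk from "/" down to the file
        st = os.stat(p)
        if p == path and not stat.S_ISDIR(st.st_mode):
            need, bits = "read", (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
        else:
            need, bits = "search", (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)
        if not _allowed(st, uid, gids, bits):
            denied.append((p, need))
    return denied

if __name__ == "__main__":
    try:
        pw = pwd.getpwnam("rabbitmq")  # assumed service account name
    except KeyError:
        sys.exit("no rabbitmq user on this host")
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for f in TLS_FILES:
        try:
            print(f, denied_components(f, pw.pw_uid, gids) or "readable")
        except OSError as e:
            print(f, "cannot inspect:", e)
```

Run it as root so every component can be inspected; an empty result for a file means the mode bits alone do not explain the error.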