[rabbitmq-discuss] Not able to get ssl working with rabbitMQ server

Ceri Storey ceri at lshift.net
Wed Jan 22 13:42:53 GMT 2014 

(22/01/14 10:59), Kausik Chattopadhyay wrote:
> Hi,
> Thanks for the input. However, I checked that the file exists and
> "rabbitmq:rabbitmq" is the owner.
The rabbitmq user needs to have permissions to access the *entire* path.
So, usually /root only allows root to access items within that directory
(the rather bizarrely chosen "executable" permission on the directory).
Try running "sudo -u rabbitmq namei /root/testca/cacert.pem" to see this
in action. It's probably more sensible however to put the certificate
somewhere under /etc, eg: /etc/rabbitmq or similar.

> Interestingly, this is the log from rabbit at master1-sasl.log
>
>
> =CRASH REPORT==== 22-Jan-2014::08:48:51 ===
>   crasher:
>     initial call: ssl_connection:init/1
>     pid: <0.8752.0>
>     registered_name: []
>     exception exit: ecacertfile
>       in function  gen_fsm:init_it/6 (gen_fsm.erl, line 371)
>     ancestors: [ssl_connection_sup,ssl_sup,<0.228.0>]
>     messages: []
>     links: [<0.231.0>]
>     dictionary: [{ssl_manager,ssl_manager}]
>     trap_exit: false
>     status: running
>     heap_size: 1597
>     stack_size: 24
>     reductions: 1970
>   neighbours:
>
> =SUPERVISOR REPORT==== 22-Jan-2014::08:48:51 ===
>      Supervisor: {local,ssl_connection_sup}
>      Context:    child_terminated
>      Reason:     ecacertfile
>      Offender:   [{pid,<0.8752.0>},
>                   {name,undefined},
>                   {mfargs,{ssl_connection,start_link,undefined}},
>                   {restart_type,temporary},
>                   {shutdown,4000},
>                   {child_type,worker}]
>  
>
>
> On Wednesday, January 22, 2014 1:53 PM, Michael Klishin
> <mklishin at gopivotal.com> wrote:
> On 22 Jan 2014, at 10:43, Kausik Chattopadhyay
> <connect_kausik at yahoo.com <mailto:connect_kausik at yahoo.com>> wrote:
>
>
> > {error,{badmatch,{error,eacces}}} /root/testca/cacert.pem
>
>
> RabbitMQ could not read /root/testca/cacert.pem because it does not exist
> or is not readable by the effective user (e.g. rabbitmq).
>
> MK
>
> Software Engineer, Pivotal/RabbitMQ
>
>
>
>
>
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140122/addf53eb/attachment.html>

More information about the rabbitmq-discuss mailing list