[rabbitmq-discuss] Trouble with SSL on my newly installed RabbitMQ instance

Narayan bvnr.mail at gmail.com
Wed May 28 08:41:25 BST 2014


Michael Klishin <mklishin at ...> writes:

> 
> On 7 April 2014 at 13:58:47, Joe Abrams (jbabrams <at> gmail.com) wrote:
> > I've banged my head on this for a day now and am not making progress.
> > Any help would be greatly appreciated.
> 
> Have you tried connecting with openssl s_client and using openssl s_server
> to verify your certificates and server key?
> 
> There can be many reasons to ssl_upgrade_error and openssl s_client/s_server
> will output more detailed messages when there’s an error.


Hi Michael,

I am also facing the same error. I tried to check my certificates with
openssl s_server running on a specific port, and openssl s_client is able to
connect to that port and communicate. See the client output below.

openssl s_client -connect localhost:8443 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = primedev, O = server
verify return:1
---
Certificate chain
 0 s:/CN=primedev/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
Server certificate
subject=/CN=primedev/O=server
issuer=/CN=MyTestCA
---
No client certificate CA names sent
---
SSL handshake has read 2176 bytes and written 247 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 81472A55C8EC471863BFC884C40322AC1A5C5FA00C8D845E71A98E122D60185E
    Session-ID-ctx:
    Master-Key: BB3BBA13077D4152455620760258906F1CF576966656D4417C3F80B1F7C1B357DCEBA4434363879177A7AF55332FBC7A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:

    Compression: 1 (zlib compression)
    Start Time: 1401261748
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---







Whereas when I run openssl s_client against the RabbitMQ port (5671), I get
the error below. Any help is appreciated.

openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
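
Added example (not part of the original message or of RabbitMQ): a Python sketch that classifies saved openssl s_client transcripts, such as the two above, by how far the handshake got. The function name and stage labels are hypothetical; errno 104 is ECONNRESET on Linux.

```python
import re

# Linux errno numbers that s_client reports as "<op>:errno=N".
ERRNO = {32: "EPIPE", 104: "ECONNRESET", 111: "ECONNREFUSED"}

def triage_s_client(transcript):
    """Report how far the handshake in a saved s_client transcript got."""
    def find(pattern):
        m = re.search(pattern, transcript)
        return m.groups() if m else None

    err = find(r"\b(?:connect|write|read):errno=(\d+)")
    io = find(r"SSL handshake has read (\d+) bytes and written (\d+) bytes")
    cipher = find(r"Cipher is (\S+)")
    verify = find(r"Verify return code: (\d+) \(([^)]*)\)")
    result = {
        "errno": ERRNO.get(int(err[0]), err[0]) if err else None,
        "bytes_read": int(io[0]) if io else None,
        "cipher": cipher[0] if cipher else None,
        "verify": int(verify[0]) if verify else None,
    }
    if io is None:
        result["stage"] = "unknown"
    elif result["bytes_read"] == 0:
        # The server sent no TLS record, so no certificate was presented or
        # checked by the client; look at the server's listener and its log.
        result["stage"] = "no_server_reply"
    elif result["cipher"] in (None, "(NONE)"):
        result["stage"] = "handshake_failed"
    elif result["verify"] != 0:
        result["stage"] = "verify_failed"
    else:
        result["stage"] = "ok"
    return result

# Lines trimmed from the two transcripts in the message above.
PORT_8443 = """CONNECTED(00000003)
SSL handshake has read 2176 bytes and written 247 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Verify return code: 0 (ok)
"""
PORT_5671 = """CONNECTED(00000003)
write:errno=104
SSL handshake has read 0 bytes and written 113 bytes
New, (NONE), Cipher is (NONE)
"""

if __name__ == "__main__":
    for port, text in (("8443", PORT_8443), ("5671", PORT_5671)):
        print(port, triage_s_client(text))
```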




