<div dir="ltr">Run the following command against the server certificate:<div><br></div><div style>openssl x509 -noout -in /path/to/server/cert.pem -subject</div><div style><br></div><div style>It'll print out the subject of the certificate; the bit you're interested in is the CN. This must match the hostname you try to connect to (e.g., the hostname you use in the amqps_listen command). </div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Apr 26, 2013 at 5:10 AM, Lothe_Shashank <span dir="ltr"><<a href="mailto:Lothe_Shashank@mahindrasatyam.com" target="_blank">Lothe_Shashank@mahindrasatyam.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Alan,<br>
<br>
Thanks for the prompt reply.<br>
The <Server> used is localhost and the certificates are present in the default /etc/ssl/ directory. I changed the rabbitmq.config at /etc/rabbitmq for certificate paths but it is still showing the same error. Please note that if I run the example programs without SSL, rabbitmq is working fine. For example, if I try amqp_listen instead of amqps_listen it is working fine.<br>
Is there any way to validate these certificates?<br>
<br>
regards,<br>
Shashank<br>
<br>
Date: Fri, 26 Apr 2013 07:10:21 +0000<br>
From: Lothe_Shashank <<a href="mailto:Lothe_Shashank@mahindrasatyam.com">Lothe_Shashank@mahindrasatyam.com</a>><br>
Subject: [rabbitmq-discuss] RabbitMQ-C SSL support<br>
To: "<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a>"<br>
<<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a>><br>
Message-ID:<br>
<<a href="mailto:DD7729D61B083D48A2CDCB66A27AD4C98C12E3@BSDMSATMBX001.mahindrasatyam.ad">DD7729D61B083D48A2CDCB66A27AD4C98C12E3@BSDMSATMBX001.mahindrasatyam.ad</a>><br>
<br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<div class="im"><br>
Hi,<br>
<br>
I downloaded Rabbitmq-c-master from https://<a href="http://github.com/alanxz/rabbitmq-c/tree/ssl" target="_blank">github.com/alanxz/rabbitmq-c/tree/ssl</a>. I understand that this package supports SSL functionalities for rabbitmq-c. I was able to compile and install this package and the examples provided in it.<br>
<br>
Steps I followed on server side:<br>
Step 1: Created own CA and generated the key<br>
* For creating the CA I followed this link: <a href="http://www.rabbitmq.com/ssl.html" target="_blank">http://www.rabbitmq.com/ssl.html</a><br>
Step 2: Next I created our own rabbitmq.config at /etc/rabbitmq.<br>
[<br>
{rabbit, [<br>
{ssl_listeners, [5672]},<br>
{ssl_options, [{cacertfile,"/path/to/testca/cacert.pem"},<br>
{certfile,"/path/to/server/cert.pem"},<br>
{keyfile,"/path/to/server/key.pem"},<br>
{verify,verify_peer},<br>
{fail_if_no_peer_cert,false}]}<br>
]}<br>
].<br>
<br>
Step 3: Then I executed the program using the following command:<br>
./amqps_listen <Server> 5672 amq.direct AAA "/<PATH_TO>/cacert.pem" "<PATH_TO>/key.pem" "<PATH_TO>/cert.pem"<br>
<br>
amqp_socket_open is failing with the following message displayed on the console:<br>
opening SSL/TLS connection<br>
<br>
I disabled firewall on server [sudo ufw disable] but still the same error. Kindly suggest.<br>
<br>
Thanks and regards,<br>
Shashank<br>
<br>
________________________________<br>
<br>
DISCLAIMER:<br>
This email (including any attachments) is intended for the sole use of the intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or distribution or forwarding of any or all of the contents in this message is STRICTLY PROHIBITED. If you are not the intended recipient, please contact the sender by email and delete all copies; your cooperation in this regard is appreciated.<br>
</div><br>
Date: Fri, 26 Apr 2013 00:33:58 -0700<br>
From: Alan Antonuk <<a href="mailto:alan.antonuk@gmail.com">alan.antonuk@gmail.com</a>><br>
Subject: Re: [rabbitmq-discuss] RabbitMQ-C SSL support<br>
To: Discussions about RabbitMQ <<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a>><br>
Message-ID:<br>
<<a href="mailto:CAAt2poJKDhpQ_4A-YGqDUNFrY%2BZFSpP1dXL9Z8-Hq5zgjBUpwQ@mail.gmail.com">CAAt2poJKDhpQ_4A-YGqDUNFrY+ZFSpP1dXL9Z8-Hq5zgjBUpwQ@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<div class="im HOEnZb"><br>
By default rabbitmq-c verifies that the hostname you're connecting to<br>
matches that of the CN on the SSL certificate of the host you're connecting<br>
to.<br>
<br>
When you specified the <Server> in amqp_listen does it match what you<br>
specified when you created the server certificate?<br>
<br>
<br>
</div><div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br></div>
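<div>The CN check described in the reply at the top of this thread, as an added example that is not part of the original messages or of rabbitmq-c. It parses the subject line in both layouts that openssl prints and compares the CN with the hostname the client will dial. The function names are hypothetical, and the comparison is assumed to be a case-insensitive exact match (wildcard CNs and subjectAltName entries are not modelled).</div>

```shell
#!/usr/bin/env bash
# Added example: does the certificate's subject CN equal the host the client dials?
# Function names are hypothetical. Assumes a case-insensitive exact comparison;
# wildcard CNs and subjectAltName entries are not modelled.

# Pull the CN out of an `openssl x509 -noout -subject` line. Both layouts work:
#   subject= /CN=localhost/O=server      (older OpenSSL)
#   subject=CN = localhost, O = server   (newer OpenSSL)
cn_from_subject() {
  printf '%s\n' "$1" |
    sed -n -E 's#^subject= *##; s#^(.*[/,] *)?CN *= *([^/,]+).*$#\2#p'
}

# Succeeds only when a CN is present and equals the hostname.
cn_matches_host() {
  _cn=$(cn_from_subject "$1" | tr '[:upper:]' '[:lower:]')
  _host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  [ -n "$_cn" ] && [ "$_cn" = "$_host" ]
}

# Read the subject from a PEM file and report the result.
# Returns 0 on match, 1 on mismatch, 2 if openssl cannot read the file.
check_cert_host() {
  _subject=$(openssl x509 -noout -in "$1" -subject) || return 2
  if cn_matches_host "$_subject" "$2"; then
    echo "OK: CN matches '$2'"
  else
    echo "MISMATCH: CN is '$(cn_from_subject "$_subject")' but client dials '$2'"
    return 1
  fi
}

# Usage: ./check_cn.sh /path/to/server/cert.pem localhost
if [ "$#" -eq 2 ]; then
  check_cert_host "$1" "$2"
fi
```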