<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div>Hi ,</div><div>I am trying to configure rabbitMQ server with SSL. However it is not working. I was just trying t make sure if my server configuration is fine and I used the openssl s_client  as per <a rel="nofollow" target="_blank" href="http://www.rabbitmq.com/troubleshooting-ssl.html" style="color: rgb(25, 106, 212); font-size: 12pt;">http://www.rabbitmq.com/troubleshooting-ssl.html</a></div><div>Could you please help me out finding the problem with my setup.</div><div>Thanks</div><div>Kausik</div><div style="background-color: transparent;"><br></div><div style="background-color: transparent;"><br></div><div style="background-color: transparent;">CLIENT SIDE LOG:</div><div style="background-color: transparent;"><br></div><div style="background-color: transparent;"><br></div><div
 style="background-color: transparent;">root@master1:~# openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem</div><div style="background-color: transparent;">CONNECTED(00000003)</div><div style="background-color: transparent;">write:errno=104</div><div style="background-color: transparent;">---</div><div style="background-color: transparent;">no peer certificate available</div><div style="background-color: transparent;">---</div><div style="background-color: transparent;">No client certificate CA names sent</div><div style="background-color: transparent;">---</div><div style="background-color: transparent;">SSL handshake has read 0 bytes and written 226 bytes</div><div style="background-color: transparent;">---</div><div style="background-color: transparent;">New, (NONE), Cipher is (NONE)</div><div style="background-color: transparent;">Secure Renegotiation IS NOT supported</div><div
 style="background-color: transparent;">Compression: NONE</div><div style="background-color: transparent;">Expansion: NONE</div><div style="background-color: transparent;">---</div><div><br></div><div style="background-color: transparent;"><br></div><div style="background-color: transparent;">SERVER SIDE LOG:</div><div style="background-color: transparent;"><br></div><div style="background-color: transparent;">root@master1:~/client# service rabbitmq-server restart</div><div> * Restarting message broker rabbitmq-server                                                                                                                            
                              [ OK ] </div><div>root@master1:~/client# tail -f /var/log/rabbitmq/rabbit@master1.log</div><div>Statistics database started.</div><div><br></div><div>=INFO REPORT==== 21-Jan-2014::14:09:13 ===</div><div>Server startup complete; 6 plugins started.</div><div> * amqp_client</div><div> * mochiweb</div><div> * rabbitmq_management</div><div> * rabbitmq_management_agent</div><div> * rabbitmq_web_dispatch</div><div> * webmachine</div><div><br></div><div><br></div><div><br></div><div>=INFO REPORT==== 21-Jan-2014::14:10:44 ===</div><div>accepting AMQP connection <0.320.0> (127.0.0.1:34076 -> 127.0.0.1:5671)</div><div><br></div><div>=ERROR REPORT==== 21-Jan-2014::14:10:44 ===</div><div>SSL: 1089: error:{error,{badmatch,{error,eacces}}} /root/testca/cacert.pem</div><div> 
 [{ssl_connection,init_certificates,2,</div><div>                   [{file,"ssl_connection.erl"},{line,1086}]},</div><div>   {ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1062}]},</div><div>   {ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,316}]},</div><div>   {gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,361}]},</div><div>   {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]</div><div><br></div><div><br></div><div>=ERROR REPORT==== 21-Jan-2014::14:10:49 ===</div><div>error on AMQP connection <0.320.0>: {ssl_upgrade_error,ecacertfile} (unknown POSIX error)</div><div><br></div><div><br></div><div><br></div><div>----------------------------------------------</div><div><br></div><div><br></div><div>My serverside configuration is as follows</div><div><br></div><div>have provided root priviledges to user
 "rabbitmq"</div><div><br></div><div><div>root@master1:~/client# rabbitmqctl environment</div><div>Application environment of node rabbit@master1
 ...</div><div>[{auth_backends,[rabbit_auth_backend_internal]},</div><div> {auth_mechanisms,['PLAIN','AMQPLAIN','EXTERNAL']},</div><div> {backing_queue_module,rabbit_variable_queue},</div><div> {cluster_nodes,{[],disc}},</div><div> {cluster_partition_handling,ignore},</div><div> {collect_statistics,fine},</div><div> {collect_statistics_interval,5000},</div><div> {default_permissions,[<<".*">>,<<".*">>,<<".*">>]},</div><div> {default_user,<<"guest">>},</div><div> {default_user_tags,[administrator]},</div><div> {default_vhost,<<"/">>},</div><div> {delegate_count,16},</div><div> {disk_free_limit,50000000},</div><div> {enabled_plugins_file,"/etc/rabbitmq/enabled_plugins"},</div><div> {error_logger,{file,"/var/log/rabbitmq/rabbit@master1.log"}},</div><div> {frame_max,131072},</div><div> {halt_on_upgrade_failure,true},<di
v> {heartbeat,580},</div><div> {hipe_compile,false},</div><div> {hipe_modules,[rabbit_reader,rabbit_channel,gen_server2,rabbit_exchange,</div><div>                rabbit_command_assembler,rabbit_framing_amqp_0_9_1,</div><div>                rabbit_basic,rabbit_event,lists,queue,priority_queue,</div><div>                rabbit_router,rabbit_trace,rabbit_misc,rabbit_binary_parser,</div><div>                rabbit_exchange_type_direct,rabbit_guid,rabbit_net,</div><div>                rabbit_amqqueue_process,rabbit_variable_queue,</div><div>                rabbit_binary_generator,rabbit_writer,delegate,gb_sets,lqueue,</div><div>               
 sets,orddict,rabbit_amqqueue,rabbit_limiter,gb_trees,</div><div>                rabbit_queue_index,rabbit_exchange_decorator,gen,dict,ordsets,</div><div>                file_handle_cache,rabbit_msg_store,array,</div><div>                rabbit_msg_store_ets_index,rabbit_msg_file,</div><div>                rabbit_exchange_type_fanout,rabbit_exchange_type_topic,mnesia,</div><div>                mnesia_lib,rpc,mnesia_tm,qlc,sofs,proplists,credit_flow,pmon,</div><div>                ssl_connection,tls_connection,ssl_record,tls_record,gen_fsm,</div><div>               
 ssl]},</div><div> {included_applications,[]},</div><div> {log_levels,[{connection,info}]},</div><div> {msg_store_file_size_limit,16777216},</div><div> {msg_store_index_module,rabbit_msg_store_ets_index},</div><div> {plugins_dir,"/usr/lib/rabbitmq/lib/rabbitmq_server-3.2.2/sbin/../plugins"},</div><div> {plugins_expand_dir,"/var/lib/rabbitmq/mnesia/rabbit@master1-plugins-expand"},</div><div> {queue_index_max_journal_entries,65536},</div><div> {reverse_dns_lookups,false},</div><div> {sasl_error_logger,{file,"/var/log/rabbitmq/rabbit@master1-sasl.log"}},</div><div> {server_properties,[]},</div><div> {ssl_apps,[asn1,crypto,public_key,ssl]},</div><div> {ssl_cert_login_from,common_name},</div><div> {ssl_listeners,[5671]},</div><div> {ssl_options,[{cacertfile,"/root/testca/cacert.pem"},</div><div>             
  {certfile,"/root/server/cert.pem"},</div><div>               {keyfile,"/root/server/key.pem"},</div><div>               {verify,verify_peer},</div><div>               {fail_if_no_peer_cert,false}]},</div><div> {tcp_listen_options,[binary,</div><div>                      {packet,raw},</div><div>                      {reuseaddr,true},</div><div>                      {backlog,128},</div><div>                      {nodelay,true},</div><div>                      {linger,{true,0}},</div><div>                   
   {exit_on_close,false}]},</div><div> {tcp_listeners,[5672]},</div><div> {trace_vhosts,[]},</div><div> {vm_memory_high_watermark,0.4},</div><div> {vm_memory_high_watermark_paging_ratio,0.5}]</div><div>...done.</div><div><br></div></div></div></div></body></html>