<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Tahoma","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:527522214;
mso-list-type:hybrid;
mso-list-template-ids:1246235098 134807569 134807577 134807579 134807567 134807577 134807579 134807567 134807577 134807579;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Hi there,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">We are trying to configure client certificate based authentication over SSL on our rabbitmq server. However we have hit an issue which we are unable to get past.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Can someone please help us figure out the solution?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Our configuration steps are as follows:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Our RabbitMQ version is:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">We would like to achieve password-less authentication using client certificate and LDAP authorisation.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">3)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">For client certificates, we installed a stand-alone microsoft pki certification authority on our windows server 2008 R2 machine<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">4)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">We then issued a client certificate via the certificate manager web portal i.e.
<o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:72.0pt"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">(<a href="https://%3cservername%3e/certmgr">https://<servername>/certmgr</a> -> Request a certificate -> Advanced certificate request ->
Create and submit a request to this CA -> Filled in the details (with Client Authentication Certificate option selected)-> Submitted the request -> Approved -> Installed.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Please note the Name on the certificate was set as
<a href="mailto:username@domain.com">username@domain.com</a> (which is the CN for the user name in AD)<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">5)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">We then issued an SSL certificate via the certificate manager web portal i.e. the same steps as above but this time had the “Server Authentication Certificate” selected<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Please note the Name on the certificate was set as
<a href="mailto:machine@domain.com">machine@domain.com</a><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">6)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Downloaded the CA root certificate in .cer format and converted it into .pem using openssl<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">7)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Downloaded the Server certificate (from step 5) in .pfx format. It was then separated into ServerCertificate.pem and ServerCertificateKey.pem using openssl<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">8)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Downloaded the Client certificate (from step 4) in .pfx format. It was then separated into Cert.pem/ Key.pem and then combined into ClientCertificate.p12 using openssl<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">9)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Our rabbitmq config is:<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">[{rabbit,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [{auth_backends, [rabbit_auth_backend_ldap]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {auth_mechanisms, ['EXTERNAL']},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {ssl_listeners, [{"0.0.0.0", 5671}]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {ssl_options,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [{cacertfile,"C:/Program Files (x86)/RabbitMQ Server/rabbitmq_server-3.2.3/certificates/pem/CARootCertificate.pem"},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {certfile,"C:/Program Files (x86)/RabbitMQ Server/rabbitmq_server-3.2.3/certificates/pem/ServerCertificate.pem"},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {keyfile,"C:/Program Files (x86)/RabbitMQ Server/rabbitmq_server-3.2.3/certificates/key/ServerCertificateKey.key"},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {verify,verify_peer},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {fail_if_no_peer_cert,true}]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {ssl_cert_login_from, common_name}]<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">{rabbitmq_auth_backend_ldap,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [
<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {servers, ["xxxxxxx.yyyyy.com"]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {dn_lookup_attribute, "userPrincipalName"},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {dn_lookup_base, "DC= yyyyy,DC=com"},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {use_ssl, true},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {port, 636},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {log, network},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {vhost_access_query, {in_group,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> "ou=${vhost}-users,ou=computers,dc= yyyyy,dc=com"}},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {resource_access_query,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {for,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [{permission, configure, {in_group, "cn=domain users,dc= yyyyy,dc=com"}},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {permission, write,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {for, [{resource, queue, {in_group, "cn=domain users,dc= yyyyy,dc=com"}},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {resource, exchange, {constant, true}}]}},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {permission, read,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {for, [{resource, exchange, {in_group, "cn=domain users,dc= yyyyy,dc=com"}},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {resource, queue, {constant, true}}]}}<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> ]<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> }},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {tag_queries, [{administrator, {constant, true}},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {management, {constant, true}}]}<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> ]}].<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">10)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Our client code is:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-autospace:none"><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black"> cf</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Ssl</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">ServerName</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">= <CN Name of the server certificate i.e.
<a href="mailto:machine@domain.com">machine@domain.com</a>><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-autospace:none"><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black"> </span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">cf</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Ssl</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">CertPath</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">=</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#D69D85;background:black;mso-highlight:black">@"C:\Program Files (x86)\RabbitMQ Server\rabbitmq_server-3.2.3\certificates\p12\ClientCertificate.p12"</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">;<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-autospace:none"><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">cf</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Ssl</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">CertPassphrase</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">=</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#D69D85;background:black;mso-highlight:black">"rabbitmq"</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">;<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-autospace:none"><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">cf</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Ssl</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Enabled</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">=</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#569CD6;background:black;mso-highlight:black">true</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">;<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-autospace:none"><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">cf</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Ssl</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">AcceptablePolicyErrors</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">=</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">System</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Net</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Security</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:#B8D7A3;background:black;mso-highlight:black">SslPolicyErrors</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">RemoteCertificateNameMismatch</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">|</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-autospace:none"><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">System</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Net</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Security</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:#B8D7A3;background:black;mso-highlight:black">SslPolicyErrors</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">RemoteCertificateChainErrors</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">|</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">
</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">System</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Net</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">Security</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:#B8D7A3;background:black;mso-highlight:black">SslPolicyErrors</span><span style="font-size:9.5pt;font-family:Consolas;color:#B4B4B4;background:black;mso-highlight:black">.</span><span style="font-size:9.5pt;font-family:Consolas;color:white;background:black;mso-highlight:black">RemoteCertificateNotAvailable</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro;background:black;mso-highlight:black">;</span><span style="font-size:9.5pt;font-family:Consolas;color:gainsboro"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><span style="mso-list:Ignore">11)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">And following is our log:<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">=INFO REPORT==== 27-Mar-2014::14:35:23 ===<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">accepting AMQP connection <0.322.0> (a.b.c.d:2935 -> a.b.c.d:5671)<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">=INFO REPORT==== 27-Mar-2014::14:35:23 ===<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">LDAP CHECK: passwordless login for
<a href="mailto:username@domain.com">username@domain.com</a><o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">=ERROR REPORT==== 27-Mar-2014::14:35:26 ===<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">closing AMQP connection <0.322.0> (a.b.c.d:2935 -> a.b.c.d:5671):<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">{handshake_error,starting,0,<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {exit,as_user_no_password,'connection.start_ok',<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [{rabbit_auth_backend_ldap,creds,2,[]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {rabbit_auth_backend_ldap,check_user_login,2,[]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {rabbit_access_control,'-check_user_login/2-fun-0-',4,[]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {lists,foldl,3,[{file,"lists.erl"},{line,1248}]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {rabbit_reader,auth_phase,2,[]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {rabbit_reader,handle_method0,3,[]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {rabbit_reader,handle_input,3,[]},<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> {rabbit_reader,recvloop,2,[]}]}}<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><o:p> </o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">And the .net error is “Possibly caused by authentication failure”<o:p></o:p></span></p>
<p class="MsoListParagraph"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Vinay<o:p></o:p></span></p>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1">This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please
delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any commodities, financial risk management products, or other
physical or financial product or service, an official confirmation of any transaction, or an official statement of EDF Trading Limited, EDF Trading Markets Limited, EDF Trading North America, LLC, or any of the EDF Group family of companies. Any views or opinions
presented are solely those of the author and do not necessarily represent those of the foregoing entities. EDF Trading Markets Limited is authorised and regulated by the Financial Conduct Authority. VAT number: GB 735 5479 07. EDF Trading Markets Limited and
EDF Trading North America, LLC are members of the EDF Group of companies. EDF Trading Markets Limited maintains its registered office at 80 Victoria Street, 3rd Floor, Cardinal Place, London, SW1E 5JL. A Company registered in England No. 4255974. EDF Trading
North America, LLC is headquartered in the United States at 4700 W. Sam Houston Pkwy., Suite 250, Houston, TX 77041<br>
<br>
</font>
</body>
</html>