<div dir="ltr"><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;">I'm trying to get SSL working on my Rabbit server, following the instructions at https://www.rabbitmq.com/ssl.html , but am getting this error when making connections:</div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><i><font color="#660000">started SSL Listener on [::]:5671<br></font></i></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><i><font color="#660000">error on AMQP connection <0.678.0>: {ssl_upgrade_error,{options,{cacertfile,[47,11... </font></i></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;">in broker log file.<br></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><div><br></div><div>I'm following the SSL troubleshooting guide http://www.rabbitmq.com/troubleshooting-ssl.html<br></div></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><br></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><b>* Check SSL support in Erlang ----- SUCCESS</b></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><span style="font-family: 'Courier New', Courier, monospace; line-height: 18px; font-size: 13px; background-color: rgb(238, 238, 238);"><font color="#660000">ssl:versions().</font></span></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000">SSL version: [{ssl_app,"5.3"},</font></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000"> {supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]},</font></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000"> {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]</font></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000">RabbitMQ 3.3.0, Erlang R16B01</font></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000"><br></font></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000">*<b> <span style="font-size: 16px; font-family: Helvetica, Arial, sans-serif;">Check keys and certificates with OpenSSL ------ SUCCESS</span></b></font></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><span style="font-size: 16px; font-family: Helvetica, Arial, sans-serif;"><font color="#660000"><b> </b>openssl client output is listed below </font></span></div><div style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify;"><font color="#660000"><span style="font-size: 16px; font-family: Helvetica, Arial, sans-serif;"> </span><span style="font-family: arial, sans-serif; font-size: 13px;"><i>openssl s_client -connect localhost:8443 -cert client/cert.pem -key </i></span></font><i style="font-family: arial, sans-serif; font-size: 13px;"><font color="#660000">client/key.pem -CAfile testca/cacert.pem</font></i></div><pre style="line-height: 24px; text-align: justify;"><i><font color="#660000">CONNECTED(00000003)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = primedev, O = server
verify return:1
---
Certificate chain
0 s:/CN=primedev/O=server
i:/CN=MyTestCA
1 s:/CN=MyTestCA
i:/CN=MyTestCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC4TCCAcmgAwIBAgIBATANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl
c3RDQTAeFw0xNDA1MjgwNjU2NDNaFw0xNTA1MjgwNjU2NDNaMCQxETAPBgNVBAMM
CHByaW1lZGV2MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC9IW8zoWmE8tUr46rc+QWrPYBlpHefUZ7HP1smlrN9rujrZM7l
ja7w+M7rHJSt0bTQ+dFfu1RTmWHkdgI4YIdgGvmhU3Bcij5Cyxn+vtZUaIAeYGfQ
QfPj6WsNiHOem/ieAkbhX+AvPDD7DBjlrqbo9ZtzeJxkhe/ENWHRlpdPNNpHpvbw
2azTPO55Nb2sDbeUOP0Bv1OieXM3r7CNruFF+KTAzxdC18kUM0Ty4jmwG3L1DFlF
zpm77ByB5DjFdNs+tBZ+1Fi1WrHp2NsSJe0IsCdCF9BG3RacpQv5tt/5/qL/af4G
xDyqebE/G9RwbM6Mnti3wGY34EGMtGFao/vDAgMBAAGjLzAtMAkGA1UdEwQCMAAw
CwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUA
A4IBAQAL4TTARGRyGq/EMtbfkrQbInMoIPaV+VT8X6EKCvBrhjQZZ1bGHBYEBhry
EHQAJ1eiRPPLpVe4zpIP6xU8tiN/sIm4XOyj7hstSTThnixjNgZRmwUt/blMKA0p
PsFEKnAf2brwryO4KJcKbfjLCJfyWje8nXLR9dz/qrJ8+Vwve76lMnAoRqjDw1OF
z08evHevN3Mdb3Hyvd9WFRNMpQkjrmfx+v5dcXcbSOlpwtHIHMmX3Pq7QgXQdyo/
vNmGBYqyLofBwtKMOYbfhoksyJbCOeDCG5fYMUnSI1EqivjLPQX/0Dt2s0UzWOip
G2FWCQGgOKfLHWIawGNQcSpM83x4
-----END CERTIFICATE-----
subject=/CN=primedev/O=server
issuer=/CN=MyTestCA
---
No client certificate CA names sent
---
SSL handshake has read 2176 bytes and written 247 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
81472A55C8EC471863BFC884C40322AC1A5C5FA00C8D845E71A98E122D60185E
Session-ID-ctx:
Master-Key:
BB3BBA13077D4152455620760258906F1CF576966656D4417C3F80B1F7C1B357DCEBA4434363
879177A7AF55332FBC7A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - 96 aa 8f 94 70 9c 42 0c-1b 44 62 f9 8c a8 42 5d
....p.B..Db...B]
0010 - fb 24 c2 7a 38 4e 69 e5-89 3d 71 ba 8f 59 2a 1a
.$.z8Ni..=q..Y*.
0020 - a0 9d e2 cc a8 fb 3d 71-b5 b3 d6 01 17 d9 22 b9
......=q......".
0030 - 6a 6b 73 59 1b 07 b7 84-23 b2 c7 08 4d 7f 88 2a
jksY....#...M..*
0040 - 6b 75 e5 3c 25 ca 26 da-77 b8 64 ce 72 15 30 da ku.
<%.&.w.d.r.0.
0050 - 5b 11 98 0a 25 dc 96 a3-77 bf b8 a0 e1 38 4e 22
[...%...w....8N"
0060 - 19 78 bc 5b 89 5b 3c f1-d5 17 e8 4f 57 0f 15 dc .x.[.
[<....OW...
0070 - 97 09 d8 7c 64 ce 68 e1-3f 18 95 23 3f 80 6a c7
...|d.h.?..#?.j.
0080 - 63 72 53 20 96 34 51 09-d3 28 8d 8c 73 03 31 a0 crS .4Q..
(..s.1.
0090 - d0 73 3f 6a 19 25 11 10-5f d3 02 d5 92 75 ec f0 .s?
j.%.._....u..
Compression: 1 (zlib compression)
Start Time: 1401261748
Timeout : 300 (sec)
Verify return code: 0 (ok)
---</font></i></pre><pre style="line-height: 24px; text-align: justify;"><i><font color="#cc0000"><br></font></i></pre><pre style="line-height: 24px; text-align: justify;"><b><font color="#000000"><i>* </i><span style="font-size: 16px; font-family: Helvetica, Arial, sans-serif;">Check broker is listening ------ SUCCESS</span></font></b></pre><pre style="line-height: 24px; text-align: justify;"><i style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; white-space: normal;"><font color="#660000">started SSL Listener on [::]:5671</font></i><b><font color="#000000"><span style="font-size: 16px; font-family: Helvetica, Arial, sans-serif;"><br></span></font></b></pre><pre style="line-height: 24px; text-align: justify;"><i style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; white-space: normal;"><font color="#cc0000"><br></font></i></pre><pre style="text-align: justify;"><h3 class="docHeading" style="line-height: 18px; font-family: Helvetica, Arial, sans-serif; margin-top: 20px; margin-bottom: 0.5em; font-size: 1.2em; text-align: left; white-space: normal;"><b><font color="#000000">* Attempt SSL connection to broker ------ FAILED</font></b></h3><div><pre style="line-height: 18px; text-align: left;"><font color="#660000"><i>=INFO REPORT==== ===
accepting AMQP connection <0.223.0> (.... -> 127.0.0.1:5671)</i></font></pre><pre style="line-height: 18px; text-align: left;"><font color="#660000"><i><br></i></font></pre><pre style="line-height: 18px; text-align: left;"><font color="#000000">After this got same error </font></pre><pre style="line-height: 18px; color: rgb(85, 85, 85); text-align: left;"><i style="color: rgb(34, 34, 34); font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify; white-space: normal;"><font color="#660000">error on AMQP connection <0.678.0>: {ssl_upgrade_error,{options,{cacertfile,[47,11... </font></i><br></pre><pre style="line-height: 18px; color: rgb(85, 85, 85); text-align: left;"><i style="color: rgb(34, 34, 34); font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify; white-space: normal;"><font color="#660000"><br></font></i></pre><pre style="line-height: 18px; text-align: left;"><span style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify; white-space: normal;"><font color="#000000">Here is what openssl s_client is showing when trying to connect with rmq ssl port</font></span></pre><pre style="line-height: 18px; text-align: left;"><span style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify; white-space: normal;"><font color="#000000"><br></font></span></pre><pre style="line-height: 18px; text-align: left;"><pre style="line-height: 24px; text-align: justify;"><font color="#660000"><i>openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---</i></font></pre></pre><pre style="line-height: 18px; text-align: left;"><span style="font-family: palatino, georgia, verdana, arial, sans-serif; font-size: medium; line-height: 24px; text-align: justify; white-space: normal;"><font color="#000000"><br></font></span></pre><pre style="text-align: justify;"><font color="#000000" face="palatino, georgia, verdana, arial, sans-serif" size="3"><span style="line-height: 24px; white-space: normal;">Please help me out to establish a SSL rabbit mq connection. Thanks in advance.</span></font></pre><pre style="text-align: justify;"><font color="#000000" face="palatino, georgia, verdana, arial, sans-serif" size="3"><span style="line-height: 24px; white-space: normal;"><br></span></font></pre><pre style="text-align: justify;"><font color="#000000" face="palatino, georgia, verdana, arial, sans-serif" size="3"><span style="line-height: 24px; white-space: normal;">--</span></font></pre><pre style="text-align: justify;"><font color="#000000" face="palatino, georgia, verdana, arial, sans-serif" size="3"><span style="line-height: 24px; white-space: normal;">Thanks & Regards</span></font></pre><pre style="text-align: justify;"><font color="#000000" face="palatino, georgia, verdana, arial, sans-serif" size="3"><span style="line-height: 24px; white-space: normal;">Narayan</span></font></pre></div></pre></div>