[rabbitmq-discuss] Problem opening an SSL connection
Matthew Sackman
matthew at lshift.net
Wed Sep 23 16:50:12 BST 2009
Hi Chris,
On Wed, Sep 23, 2009 at 04:32:13PM +0100, Chris Duncan wrote:
> I wanted to get the simplest case running which is to connect without
> using any certificates. I decided to try to follow the instructions
> in the wiki - https://dev.rabbitmq.com/wiki/SslSupport - and so
> created a rabbit.conf file with similar contents to the example (only
> the paths differ).
Please note that the instructions on that wiki page are not entirely
correct and indeed we are going to remove it. The SSL instructions have
been rewritten and will appear on the main website (not on dev.rabbitmq)
when v1.7 gets released.
> It contains -
>
> RABBITMQ_SERVER_START_ARGS="-rabbit ssl_listeners [{\"0.0.0.0\",
> 5671}] -rabbit ssl_options
> [{cacertfile,\"/path/to/testca/cacert.pem\"},{certfile,\"/path/to/
> server/cert.pem\"},
> {keyfile,\"/path/to/server/key.pem\"},{verify,verify_peer},
> {fail_if_no_peer_cert,false}]"
>
> When I try to connect I get a 'Connection reset by peer' error and
> these entries in rabbit.log -
>
> =INFO REPORT==== 23-Sep-2009::09:22:24 ===
> accepted TCP connection on 0.0.0.0:5671 from 127.0.0.1:51689
>
> =ERROR REPORT==== 23-Sep-2009::09:22:24 ===
> failed to upgrade TCP connection from 127.0.0.1:51689 to SSL:
> {eoptions,{cacertfile,[]}}
I think that it's not happy with your cacert file. That line in your
rabbit.conf file must be one single line. Also make sure there are no
spaces anywhere between the square brackets.
If you can't make any progress, can you send in your cacert.pem,
cert.pem and key.pem files (obviously, fakes, not the real thing!), and
we'll see if we can make it work.
Matthew
More information about the rabbitmq-discuss
mailing list