[rabbitmq-discuss] sslv3 alert handshake failure for TLS Web Server certificates

Nathaniel Haggard natester at gmail.com
Tue Oct 25 00:24:33 BST 2011


A certificate with X509v3 Extended Key Usage of "TLS Web Client
Authentication" will connect to our rabbitmq-2.4.1 server, but a
certificate with "TLS Web Server Authentication" will not.

It fails like this:
$ openssl s_client -host 127.0.0.1 -port 5671 -key my.key -cert my.crt
CONNECTED(00000003)
depth=1 /C=US/ST=../L=...../O=.../CN=testingCA2/emailAddress=me at myhost.mydomain
verify error:num=19:self signed certificate in certificate chain
verify return:0
6837:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1102:SSL alert number 40
6837:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:


However, both types of certificate work with rabbitmq-1.7.2.

Is there a configuration option to accept "TLS Web Server
Authentication" certificates in rabbitmq-2.4.1?

-Nate
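
An added example, not part of the original post: it shows how OpenSSL's own client-purpose check treats the two Extended Key Usage values named above, using two throwaway self-signed certificates built on the spot. The file names, the CN values and the helper names make_cert, client_purpose_ok and eku_of are constructed for illustration; whether the TLS stack under rabbitmq-2.4.1 applies the same rule is an assumption the post does not confirm.

```shell
#!/bin/sh
# Constructed example: two self-signed certificates that differ only in
# Extended Key Usage, checked against OpenSSL's "sslclient" purpose.

# make_cert <dir> <name> <eku>: self-signed cert whose only EKU is <eku>.
make_cert() {
  local dir="$1" name="$2" eku="$3"
  # Minimal config written here so nothing depends on the system openssl.cnf.
  cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $name.example.invalid
[ext]
extendedKeyUsage = $eku
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/$name.cnf" \
    -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# client_purpose_ok <dir> <name>: exit 0 if the cert passes the sslclient check.
# The cert is its own trust anchor, so only the purpose check can fail.
client_purpose_ok() {
  openssl verify -purpose sslclient -CAfile "$1/$2.crt" "$1/$2.crt" >/dev/null 2>&1
}

# eku_of <crt>: print the EKU value, the field to compare on the real certificates.
eku_of() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' \
    | tail -n 1 | sed 's/^ *//'
}

demo() {
  local dir eku verdict
  dir=$(mktemp -d)
  for eku in clientAuth serverAuth; do
    make_cert "$dir" "$eku" "$eku"
    if client_purpose_ok "$dir" "$eku"; then verdict=accepted; else verdict=rejected; fi
    echo "$(eku_of "$dir/$eku.crt"): $verdict as a TLS client certificate"
  done
  rm -rf "$dir"
}
demo
```

Running eku_of on my.crt shows which of the two values the failing certificate carries; a certificate meant for both roles lists both values in extendedKeyUsage.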

