[rabbitmq-discuss] SSL Certificate Verification failures

Daniel Mitchell daniel.mitchell at gmail.com
Mon Oct 28 17:11:02 GMT 2013


Hi Emile,

Apologies, I am using R16B01. I also tested R16B and had the same result, but
with ssl_connection.erl instead of tls_connection.erl. I've been testing a
few configurations over the weekend on this.

I'm actually getting that error with the test certificates I made following
the SSL example on the RabbitMQ SSL page. Again, just with the mosquitto_sub
client and not openssl s_client.

Running through the troubleshooting steps shows that Erlang does indeed
support tlsv1 and that openssl has validated my handshake by creating a
local server and client.

Very strange issue, I think it sways more to the mosquitto_sub client now
though...

Cheers,
Dan


On 28 October 2013 15:31, Emile Joubert <emile at rabbitmq.com> wrote:

>
> Hi David,
>
> On 28/10/13 12:59, Daniel Mitchell wrote:
>
> > RabbitMQ = 3.2.0
> > OpenSSL = 1.0.1
> > Erlang = R16B
>
> >
> > =ERROR REPORT==== 28-Oct-2013::12:52:02 ===
> > SSL: certify: tls_connection.erl:2286:Fatal error: certificate unknown
>
> tls_connection.erl appeared in R16B01. I'm not sure how you could have
> got that error using R16B. If you are using a patched Erlang VM then
> that might be part of the problem.
>
> The "certificate unknown" error is very generic, according to the
> OpenSSL documentation: "Some other (unspecified) issue arose in
> processing the certificate, rendering it unacceptable."
>
> I would suggest using the techniques described in
> https://www.rabbitmq.com/troubleshooting-ssl.html
> to acquire more diagnostic information.
> Do you get the same error with a certificate that you generate yourself?
>
> -Emile