[rabbitmq-discuss] Fw: Re: SSL upgrade error cacrtfile

Michael Klishin mklishin at gopivotal.com
Wed Jun 4 13:09:47 BST 2014


On 4 June 2014 at 16:08:14, Narayan Reddy (bvnr.mail at gmail.com) wrote:
> Hi Michael,
> Thanks for your reply, Please help me out to fix this issue.
> 
> *What client do you use?*
> I needs to use the cpp client, but the ssl connection is not happening even
> with openssl util (in s_client mode)
> *Do you configure SSL to any specific version?*
> No, Not aware of this how can i check that can you give me command to check
> 
> *# erl*
> *Erlang R16B (erts-5.10.1) [source] [smp:8:8] [async-threads:10] [hipe]
> [kernel-poll:false]*
> 
> *Eshell V5.10.1 (abort with ^G)*
> *1> ssl:versions().*
> *[{ssl_app,"5.2.1"},*
> * {supported,['tlsv1.2','tlsv1.1',tlsv1,sslv3]},*
> * {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]*
> *2>*
> *2>*
> 
> 
> *What OS does your client and RabbitMQ run on?*
> # cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 6.2 (Santiago)
> 
> My Rabbitmq.config file
> 
> *# cat /etc/rabbitmq/rabbitmq.config*
> *[*
> * {rabbit, [*
> * {ssl_listeners, [5671]},*
> * {ssl_options, [{cacertfile,"/home/prime/SSL/testca/cacert.pem"},*
> * {certfile,"/home/prime/SSL/server/cert.pem"},*
> * {keyfile,"/home/prime/SSL/server/key.pem"},*
> * {verify,verify_peer},*
> * {fail_if_no_peer_cert,true}]},*
> 
> * {loopback_users, []}*
> * ]}*
> *].*
> 
> Openssl client output:
> 
> *$ openssl s_client -connect localhost:5671 -cert client/cert.pem -key
> client/key.pem -CAfile testca/cacert.pem*
> *CONNECTED(00000003)*
> *write:errno=104*
> *---*
> *no peer certificate available*
> *---*
> *No client certificate CA names sent*
> *---*
> *SSL handshake has read 0 bytes and written 113 bytes*
> *---*
> *New, (NONE), Cipher is (NONE)*
> *Secure Renegotiation IS NOT supported*
> *Compression: NONE*
> *Expansion: NONE*
> *---*
> 
> 
> rabbitmq broker.log
> 
> *=INFO REPORT==== 4-Jun-2014::17:27:17 ===*
> *accepting AMQP connection <0.951.0> (127.0.0.1:38486
> -> 127.0.0.1:5671 )*
> 
> *=ERROR REPORT==== 4-Jun-2014::17:27:22 ===*
> *error on AMQP connection <0.951.0>:
> {ssl_upgrade_error,{options,{cacertfile,[47,104,111,109,101,47,112,114,105,109,101,47,83,83,76,47...* 
> 
> 
> --
> Thanks & Regards
> Narayan
-- 
MK 

Software Engineer, Pivotal/RabbitMQ


More information about the rabbitmq-discuss mailing list