[rabbitmq-discuss] [SPAM] Re: [SPAM] Re: Certificate with more than one intermediate CA
Karras, Thomas
KarrasT at Pragmatics.com
Wed May 7 14:10:27 BST 2014
The standard openssl s_client and s_server work without problem with these certificates. This problem I believe comes from the Erlang ssl library having default values set on properties that cannot be set through the uri query params.
From the erlang docs, http://www.erlang.org/doc/man/ssl.html
"{depth, integer()}
The depth is the maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path. So if depth is 0 the PEER must be signed by the trusted ROOT-CA directly, if 1 the path can be PEER, CA, ROOT-CA, if it is 2 PEER, CA, CA, ROOT-CA and so on. The default value is 1."
Thanks,
Thomas
-----Original Message-----
From: Matthias Radestock [mailto:matthias at rabbitmq.com]
Sent: Wednesday, May 07, 2014 8:34 AM
To: Discussions about RabbitMQ; Karras, Thomas
Subject: [SPAM] Re: [rabbitmq-discuss] [SPAM] Re: Certificate with more than one intermediate CA
Importance: Low
On 28/04/14 14:22, Karras, Thomas wrote:
> We have them both federating to each other so both sides report the
> error. The error message comes from the federation plugin attempting
> to connect to the server and failing to successfully negotiate a SSL
> connection.
Can you connect to the upstream using an ordinary client? If not, follow http://www.rabbitmq.com/troubleshooting-ssl.html to narrow down the problem.
Regarding your earlier question...
> I could not find a way to specify client ssl_options for the
> federation plugin.
There isn't one; the SSL-related URI parameters documented at http://www.rabbitmq.com/uri-query-parameters.html are the only ones supported.
Matthias.
More information about the rabbitmq-discuss
mailing list