[rabbitmq-discuss] rabbitmq-c - "SSL peer cert verification failed"
Dan Berger
dberger at fiveringscapital.com
Thu May 29 21:40:34 BST 2014
The .p12 file I started with does require a password (which I provide to the java and c# clients). For rabbitmq-c I’ve converted the p12 to pem while removing the password and then broken the file down into the 3 components.
From: rabbitmq-discuss [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of alan.antonuk at gmail.com
Sent: Thursday, May 29, 2014 2:44 PM
To: Discussions about RabbitMQ
Subject: Re: [rabbitmq-discuss] rabbitmq-c - "SSL peer cert verification failed"
Does your private key require a password to decrypt it? (rabbitmq-c doesn't provide any hooks to unlock private keys).
-Alan
On Thu May 29 2014 at 8:42:12 AM, Dan Berger <dberger at fiveringscapital.com<mailto:dberger at fiveringscapital.com>> wrote:
I used openssl to extract the CA cert, the certificate chain and the private key into 3 separate file and now I’m running:
openssl s_client -connect myhost.com:50010<http://myhost.com:50010> -key test.key -cert test.crt -CAfile test.cac -verify 10
and I get “Verify return code: 0 (ok)” which I think means success. I still get the same error when running my app with those 3 files.
Any other thoughts?
On Thursday, May 29, 2014 12:10 AM, Dan alan.antonuk at gmail.com<mailto:alan.antonuk at gmail.com> wrote:
You need to provide both the certificate chain file and the private key file (they're not the same file).
To debug this with the openssl s_client command, you'll need to pass in the -verify, -key and -cert flags with appropriate values.
HTH
-Alan
On Wed May 28 2014 at 7:45:52 AM, Dan Berger <dberger at fiveringscapital.com<mailto:dberger at fiveringscapital.com>> wrote:
I’m just starting development on a c++ client app to connect to a vendor’s server.
I’m trying the SimpleAmqpClient library which is built on top of rabbitmq-c.
The provided a self-signed client certificate in .p12 format that I’ve converted to .pem. This contains a public and private key and also a CA public key.
I’m now trying to connect while providing the .pem file as the CA cert, client cert and client private key.
While connecting, I get:
'AmqpClient::AmqpLibraryException'
what(): Error setting client certificate for socket: SSL peer cert verification failed
Digging into rabbitmq-c, I see this is due to the call to amqp_ssl_socket_set_key failing.
Running openssl s_client seems to work fine, so I’m not sure what I’m doing wrong. Any ideas?
-Dan
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com<mailto:rabbitmq-discuss at lists.rabbitmq.com>
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq-discuss at lists.rabbitmq.com<mailto:rabbitmq-discuss at lists.rabbitmq.com>
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140529/a18326d6/attachment.html>
More information about the rabbitmq-discuss
mailing list