SSL w/ intermediate certificate

[Carl Hörberg]

Can I somehow include an intermediate certificate in the certfile?

when i try i get the following error in the rabbitmq log when i access the management interface:


=ERROR REPORT==== 11-Mar-2012::14:44:02 ===
SSL: 1084: error:[...skipping...] /etc/rabbitmq/ssl.pem
  [{ssl_connection,init_certificates,5},
   {ssl_connection,ssl_init,2},
   {ssl_connection,init,1},
   {gen_fsm,init_it,6},
   {proc_lib,init_p_do_apply,3}]


=ERROR REPORT==== 11-Mar-2012::17:29:15 ===
    application: mochiweb
    "Accept failed error"
    "{error,ecertfile}"

[Emile Joubert]

Hi Carl,

On 11/03/12 18:05, Carl Hörberg wrote:
> =ERROR REPORT==== 11-Mar-2012::17:29:15 ===
> application: mochiweb
> "Accept failed error"
> "{error,ecertfile}"

This error normally means there is something wrong with the certificate,
but it's not possible to provide a more precise diagnosis without more
details.

You can test it by using the certificate to create an SSL connection
with the OpenSSL s_server option.

How did you create the certificate? You should double-check the commands
used.

-Emile
_______________________________________________
rabbitmq-discuss mailing list
rabbitmq...@lists.rabbitmq.com
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

[Carl Hörberg]

cat ssl.crt ssl.key intermediate.crt > ssl.pem

anyway.. it seems to work fine with just:

cat ssl.crt ssl.key > ssl.pem

[Carl Hörberg]

it works fine for most web browsers, but not with eg. openssl s_client etc.

but the fix is to put the intermediate certificate(s) in the "cacertfile"

[Emile Joubert]

Hi Carl,

On 13/03/12 22:19, Carl Hörberg wrote:
> but the fix is to put the intermediate certificate(s) in the "cacertfile"

Thanks for reporting back. This is a useful tip for anyone wanting to
make use of intermediate certificates.