Connecting to RabbitMQ over SSL using .NET


Роман Копаев

Sep 17, 2020, 4:41:33 PM
to rabbitmq-users
Hello!

I am trying to use SSL to connect to RabbitMQ from a .NET application.

RabbitMQ 3.8.8, Erlang 22.2, OS Windows


RabbitMQ.Client.Exceptions.BrokerUnreachableException: 'None of the specified endpoints were reachable'
Inner Exception:
   
IOException: No compatible authentication mechanism found - server offered []


advanced.config


[
  {ssl, [{versions, ["tlsv1.2", "tlsv1.1"]}]},
  {rabbit, [
    {auth_backends, [rabbit_auth_backend_ldap]},
    {auth_mechanisms, ["PLAIN", "AMQPLAIN", "EXTERNAL"]},
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile,"C:\\Program Files\\RabbitMQ SSL\\cacert.pem"},
      {certfile,"C:\\Program Files\\RabbitMQ SSL\\cert.pem"},
      {keyfile,"C:\\Program Files\\RabbitMQ SSL\\key.pem"},
      {verify,verify_peer},
      {fail_if_no_peer_cert,false}
    ]}
  ]},
  {rabbitmq_auth_backend_ldap, [
    {servers, ["corp.mydamain.com", "10.10.0.4", "10.10.0.6"]},
    {user_dn_pattern, "cn=${username},OU=IT,OU=USR,DC=corp,DC=mydamain,DC=com"},
    {dn_lookup_attribute, "userPrincipalName"},
    {dn_lookup_base, "DC=corp,DC=mydamain,DC=com"},
    {user_dn_pattern, "${username}@corp.mydamain.com"},
    {use_ssl, false},
    {port, 389},
    {log, true},
    {vhost_access_query, {in_group, "CN=GRP_ORG.IT,OU=ORG,OU=GRP,DC=corp,DC=mydamain,DC=com"}},
    {resource_access_query, {in_group, "CN=GRP_ORG.IT,OU=ORG,OU=GRP,DC=corp,DC=mydamain,DC=com"}},
    {tag_queries, [
      {administrator, {constant, false}},
      {management, {constant, true}}
    ]}
  ]}
].


rabbitmq_auth_mechanism_ssl plugin is enabled.


I use .NET RabbitMQ.Client 5.2.0


Source code


using System.Security.Authentication;
using RabbitMQ.Client;

var factory = new ConnectionFactory
{
    HostName = "dtc01-betst1",
    Port = AmqpTcpEndpoint.DefaultAmqpSslPort,
    VirtualHost = "/",
    // EXTERNAL: the user name is taken from the TLS client certificate, no password is sent
    AuthMechanisms = new AuthMechanismFactory[] { new ExternalMechanismFactory() }
};
factory.Ssl.ServerName = "dtc01-betst1.corp.mydamain.com";
factory.Ssl.CertPath = "cert.pem"; // the same file as in {certfile,"C:\\Program Files\\RabbitMQ SSL\\cert.pem"} in advanced.config
factory.Ssl.CertPassphrase = "";
factory.Ssl.Enabled = true;
factory.Ssl.Version = SslProtocols.Tls12;

using (var con = factory.CreateConnection())
using (var channel = con.CreateModel())
{
    ...
}
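
The first error comes from the AMQP handshake itself, before any credentials are checked: the broker's Connection.Start method advertises its SASL mechanisms, and the .NET client picks the first of the factories in AuthMechanisms whose name appears in that list. "server offered []" means the list was empty. The following is an added example, not code from the post or from the RabbitMQ project: it encodes and decodes the two handshake methods by hand from the AMQP 0-9-1 framing rules, with constructed frames for a broker offering the three mechanisms from the posted configuration and for one offering nothing. The client name "example-client" is a placeholder, and the field-table codec only handles the string and boolean value types the example needs.

```python
"""AMQP 0-9-1 SASL mechanism negotiation: an added illustration, not broker or
client code.  Connection.Start carries the broker's space-separated mechanism
list; the client picks the first of its own preferences that the broker offered
and answers with Connection.Start-Ok.  An empty list from the broker produces
"No compatible authentication mechanism found - server offered []"."""
import struct

FRAME_METHOD, FRAME_END = 1, 0xCE
CLASS_CONNECTION, METHOD_START, METHOD_START_OK = 10, 10, 11

def _shortstr(s: str) -> bytes:       # 1-byte length prefix
    return bytes([len(s.encode())]) + s.encode()

def _longstr(b: bytes) -> bytes:      # 4-byte length prefix
    return struct.pack(">I", len(b)) + b

def encode_table(table: dict) -> bytes:
    """Field table with only 'S' (long string) and 't' (boolean) values."""
    body = b""
    for key, value in table.items():
        if isinstance(value, bool):
            body += _shortstr(key) + b"t" + bytes([int(value)])
        else:
            body += _shortstr(key) + b"S" + _longstr(str(value).encode())
    return _longstr(body)

def decode_table(buf: bytes, pos: int):
    """Decode a field table at pos; returns (dict, position after the table)."""
    (length,) = struct.unpack_from(">I", buf, pos)
    pos += 4
    end, table = pos + length, {}
    while pos < end:
        klen = buf[pos]
        key, pos = buf[pos + 1:pos + 1 + klen].decode(), pos + 1 + klen
        kind, pos = buf[pos:pos + 1], pos + 1
        if kind == b"S":
            (vlen,) = struct.unpack_from(">I", buf, pos)
            table[key], pos = buf[pos + 4:pos + 4 + vlen].decode(), pos + 4 + vlen
        elif kind == b"t":
            table[key], pos = buf[pos] != 0, pos + 1
        else:
            raise ValueError(f"unsupported field type {kind!r}")
    return table, end

def _method_frame(payload: bytes) -> bytes:
    """Channel-0 method frame: type, channel, size, payload, frame-end octet."""
    return struct.pack(">BHI", FRAME_METHOD, 0, len(payload)) + payload + bytes([FRAME_END])

def build_connection_start(mechanisms: list, server_properties: dict) -> bytes:
    """Broker -> client: Connection.Start (class 10, method 10), protocol 0-9."""
    payload = struct.pack(">HHBB", CLASS_CONNECTION, METHOD_START, 0, 9)
    payload += encode_table(server_properties)
    return _method_frame(payload + _longstr(" ".join(mechanisms).encode()) + _longstr(b"en_US"))

def parse_connection_start(frame: bytes) -> dict:
    ftype, channel, size = struct.unpack_from(">BHI", frame, 0)
    if ftype != FRAME_METHOD or channel != 0 or frame[7 + size] != FRAME_END:
        raise ValueError("not a well-formed method frame on channel 0")
    payload = frame[7:7 + size]
    if struct.unpack_from(">HH", payload, 0) != (CLASS_CONNECTION, METHOD_START):
        raise ValueError("not Connection.Start")
    props, pos = decode_table(payload, 6)            # skip class, method, version 0-9
    (mlen,) = struct.unpack_from(">I", payload, pos)
    return {"server_properties": props,
            "mechanisms": payload[pos + 4:pos + 4 + mlen].decode().split()}

def choose_mechanism(offered: list, preferred: list) -> str:
    """The .NET client's rule: first client preference the broker also offers."""
    for name in preferred:
        if name in offered:
            return name
    raise RuntimeError(f"No compatible authentication mechanism found - server offered {offered}")

def sasl_response(mechanism: str, username: str = "", password: str = "") -> bytes:
    """Initial response carried in Start-Ok.  EXTERNAL sends nothing: the identity
    is the TLS client certificate the broker verified during the handshake."""
    if mechanism == "EXTERNAL":
        return b""
    if mechanism == "PLAIN":             # NUL user NUL password, protected only by TLS
        return b"\0" + username.encode() + b"\0" + password.encode()
    raise ValueError(f"no response builder for {mechanism}")

def negotiate(start_frame: bytes, preferred: list, username: str = "", password: str = "") -> dict:
    """Client side: parse Start, pick a mechanism, build Start-Ok (class 10, method 11)."""
    mech = choose_mechanism(parse_connection_start(start_frame)["mechanisms"], preferred)
    response = sasl_response(mech, username, password)
    payload = struct.pack(">HH", CLASS_CONNECTION, METHOD_START_OK)
    payload += encode_table({"product": "example-client"})     # hypothetical client name
    payload += _shortstr(mech) + _longstr(response) + _shortstr("en_US")
    return {"mechanism": mech, "response": response, "frame": _method_frame(payload)}

if __name__ == "__main__":
    # Constructed frames: a broker offering the mechanisms from the posted
    # rabbitmq.conf, and one offering nothing (the state behind the first error).
    healthy = build_connection_start(["PLAIN", "AMQPLAIN", "EXTERNAL"], {"product": "RabbitMQ"})
    print(negotiate(healthy, ["EXTERNAL"])["mechanism"])
    try:
        negotiate(build_connection_start([], {"product": "RabbitMQ"}), ["EXTERNAL"])
    except RuntimeError as err:
        print(err)
```

Two things the exchange makes visible. Removing AuthMechanisms from the factory cannot help against an empty offer, because the client's default list is also matched against what the broker sent. And EXTERNAL carries no credentials at all: the broker derives the user from the certificate it saw in the TLS handshake, so the client has to present a certificate together with its private key (in the .NET client that means a PKCS#12 bundle rather than a certificate-only PEM), and with fail_if_no_peer_cert set to false a client that presents nothing still completes the handshake and only fails later, at the SASL step, with ACCESS_REFUSED.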


Jason Ipock

Sep 17, 2020, 5:04:12 PM
to rabbitmq-users

I'm not an expert by any means, but I am using certificates for transport layer security.

That being said, have you tried not setting the AuthMechanisms property in the connection factory? I've not set this property, and i have a TLS connection set up in the .NET client. 

Роман Копаев

Sep 18, 2020, 3:54:15 AM
to rabbitmq-users
Yes, I tried to remove the line with the AuthMechanisms parameter - the error is exactly the same  


Jason Ipock

Sep 18, 2020, 9:19:52 AM
to rabbitm...@googlegroups.com
At this point, I would recommend going through the steps at https://www.rabbitmq.com/troubleshooting-ssl.html again. It has worked for me after going through everything. I have some additional comments as well.

  • Be sure to run the rabbitmq-diagnostics listeners command and note the configured TLS ports. Double-check that the port property you set on the client (DefaultAmqpSslPort) matches the listed port (it should be 5671, but at this point it is good to re-check).
  • If it still does not work, it would be interesting to alter your configuration file to use the basic configuration file, matching the configuration mentioned here: https://www.rabbitmq.com/ssl.html . Even if you eventually revert to having everything in your advanced.config, it is good for re-checking your entries.
  • It is good to use a tool like openssl (using the s_client connect options) to re-check your ports and TLS settings on the RabbitMQ instance. If the s_client command works, then the issue is with the .NET client. If it does not, then you've isolated the issue to the server.
Just some thoughts. Good hunting.




Luke Bakken

Sep 18, 2020, 9:52:29 AM
to rabbitmq-users
Hello,

Change your configuration file to use forward slashes instead of backslashes for paths:

{cacertfile,"C:/Program Files/RabbitMQ SSL/cacert.pem"}

Then, restart RabbitMQ. Please provide the following information:
  • Attach your full RabbitMQ log file.
  • Run rabbitmqctl.bat environment, save the output, and attach it.
Thanks,
Luke

Luke Bakken

Sep 18, 2020, 9:53:25 AM
to rabbitmq-users
Thanks Jason, these are all great suggestions.

Роман Копаев

Sep 18, 2020, 4:12:32 PM
to rabbitmq-users
I split the config into two files and shortened the file paths:

rabbitmq.conf

listeners.ssl.default = 5671

ssl_options.cacertfile = C:/cert/cacert.pem
ssl_options.certfile = C:/cert/cert.pem
ssl_options.keyfile = C:/cert/key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
ssl_options.versions.1 = tlsv1.2
ssl_options.versions.2 = tlsv1.1

auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
auth_mechanisms.3 = EXTERNAL

## LDAP
auth_backends.1 = ldap
auth_ldap.servers.1 = corp.mydomain.com
auth_ldap.servers.2 = 10.10.0.4
auth_ldap.servers.3 = 10.10.0.6
auth_ldap.port = 636
auth_ldap.use_ssl = true
auth_ldap.user_dn_pattern = ${username}@corp.mydomain.com
auth_ldap.dn_lookup_attribute = userPrincipalName
auth_ldap.dn_lookup_base = DC=corp,DC=mydomain,DC=com
auth_ldap.log = true

advanced.config

[
  {rabbitmq_auth_backend_ldap, [
    {vhost_access_query, {in_group, "CN=GRP_ORG.IT,OU=ORG,OU=GRP,DC=corp,DC=mydamain,DC=com"}},
    {resource_access_query, {in_group, "CN=GRP_ORG.IT,OU=ORG,OU=GRP,DC=corp,DC=mydamain,DC=com"}},
    {tag_queries, [
      {administrator, {constant, false}},
      {management, {constant, true}}
    ]}
  ]}
].

Now, I am getting another error:
AuthenticationFailureException: ACCESS_REFUSED - Login was refused using authentication mechanism EXTERNAL. For details see the broker logfile.

At the same time, there is no connection record in the log file.

TLS listener launched

C:\Program Files\RabbitMQ Server\rabbitmq_server-3.8.8\sbin>rabbitmq-diagnostics listeners
Asking node rabbit@DTC01-CRMBETST1 to report its protocol listeners ...
Interface: [::], port: 15672, protocol: http, purpose: HTTP API
Interface: 0.0.0.0, port: 15672, protocol: http, purpose: HTTP API
Interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Interface: 0.0.0.0, port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Interface: [::], port: 5671, protocol: amqp/ssl, purpose: AMQP 0-9-1 and AMQP 1.0 over TLS
Interface: 0.0.0.0, port: 5671, protocol: amqp/ssl, purpose: AMQP 0-9-1 and AMQP 1.0 over TLS

Environment

C:\Program Files\RabbitMQ Server\rabbitmq_server-3.8.8\sbin>rabbitmq-diagnostics environment
Application environment of node rabbit@DTC01-BETST1 ...
[{amqp_client,
     [{prefer_ipv6,false},{ssl_options,[]},{writer_gc_threshold,1000000000}]},
 {asn1,[]},
 {aten,
     [{detection_threshold,0.99},
      {heartbeat_interval,100},
      {poll_interval,1000},
      {scaling_factor,1.5}]},
 {compiler,[]},
 {cowboy,[]},
 {cowlib,[]},
 {credentials_obfuscation,[{enabled,true}]},
 {crypto,[{fips_mode,false},{rand_cache_size,896}]},
 {cuttlefish,[]},
 {eldap,[]},
 {gen_batch_server,[]},
 {goldrush,[]},
 {inets,[]},
 {jsx,[]},
 {kernel,
     [{inet_default_connect_options,[{nodelay,true}]},
      {inet_dist_listen_max,25672},
      {inet_dist_listen_min,25672},
      {logger,
          [{handler,default,logger_std_h,
               #{config => #{type => standard_io},
                 formatter =>
                     {logger_formatter,
                         #{legacy_header => true,single_line => false}}}}]},
      {logger_level,notice},
      {logger_sasl_compatible,false},
      {shutdown_func,{rabbit_prelaunch,shutdown_func}}]},
 {lager,
     [{async_threshold,20},
      {async_threshold_window,5},
      {colored,false},
      {colors,
          [{debug,"\e[0;38m"},
           {info,"\e[1;37m"},
           {notice,"\e[1;36m"},
           {warning,"\e[1;33m"},
           {error,"\e[1;31m"},
           {critical,"\e[1;35m"},
           {alert,"\e[1;44m"},
           {emergency,"\e[1;41m"}]},
      {crash_log,"log/crash.log"},
      {crash_log_count,5},
      {crash_log_date,"$D0"},
      {crash_log_msg_size,65536},
      {crash_log_rotator,lager_rotator_default},
      {crash_log_size,10485760},
      {error_logger_format_raw,true},
      {error_logger_hwm,5000},
      {error_logger_hwm_original,50},
      {error_logger_redirect,true},
      {extra_sinks,
          [{error_logger_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_channel_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_connection_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_feature_flags_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_federation_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_ldap_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_mirroring_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_prelaunch_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_queue_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_ra_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_shovel_lager_event,
               [{handlers,[{lager_forwarder_backend,[lager_event,info]}]},
                {rabbit_handlers,
                    [{lager_forwarder_backend,[lager_event,info]}]}]},
           {rabbit_log_upgrade_lager_event,
               [{handlers,
                    [{lager_file_backend,
                         [{date,[]},
                          {file,
                              "c:/Users/user/AppData/Roaming/RabbitMQ/log/rabbit@DTC01-BETST1_upgrade.log"},
                          {formatter_config,
                              [date," ",time," ",color,"[",severity,"] ",
                               {pid,[]},
                               " ",message,"\n"]},
                          {level,info},
                          {size,0}]}]},
                {rabbit_handlers,
                    [{lager_file_backend,
                         [{date,[]},
                          {file,
                              "c:/Users/user/AppData/Roaming/RabbitMQ/log/rabbit@DTC01-BETST1_upgrade.log"},
                          {formatter_config,
                              [date," ",time," ",color,"[",severity,"] ",
                               {pid,[]},
                               " ",message,"\n"]},
                          {level,info},
                          {size,0}]}]}]}]},
      {handlers,
          [{lager_file_backend,
               [{date,[]},
                {file,
                    "c:/Users/user/AppData/Roaming/RabbitMQ/log/rab...@DTC01-BETST1.log"},
                {formatter_config,
                    [date," ",time," ",color,"[",severity,"] ",
                     {pid,[]},
                     " ",message,"\n"]},
                {level,debug},
                {size,0}]}]},
      {log_root,"c:/Users/user/AppData/Roaming/RabbitMQ/log"},
      {rabbit_handlers,
          [{lager_file_backend,
               [{date,[]},
                {file,
                    "c:/Users/user/AppData/Roaming/RabbitMQ/log/rab...@DTC01-BETST1.log"},
                {formatter_config,
                    [date," ",time," ",color,"[",severity,"] ",
                     {pid,[]},
                     " ",message,"\n"]},
                {level,debug},
                {size,0}]}]}]},
 {mnesia,
     [{dir,
          "c:/Users/user/AppData/Roaming/RabbitMQ/db/rabbit@DTC01-BETST1-mnesia"}]},
 {observer_cli,[{plugins,[]}]},
 {os_mon,
     [{start_cpu_sup,false},
      {start_disksup,false},
      {start_memsup,false},
      {start_os_sup,false}]},
 {public_key,[]},
 {ra,[{data_dir,
          "c:/Users/user/AppData/Roaming/RabbitMQ/db/rabbit@DTC01-BETST1-mnesia/quorum"},
      {logger_module,rabbit_log_ra_shim},
      {wal_max_batch_size,4096},
      {wal_max_size_bytes,536870912}]},
 {rabbit,
     [{auth_backends,[rabbit_auth_backend_ldap]},
      {auth_mechanisms,['EXTERNAL','AMQPLAIN','PLAIN']},
      {autocluster,
          [{peer_discovery_backend,rabbit_peer_discovery_classic_config}]},
      {autoheal_state_transition_timeout,60000},
      {background_gc_enabled,false},
      {background_gc_target_interval,60000},
      {backing_queue_module,rabbit_priority_queue},
      {channel_max,2047},
      {channel_operation_timeout,15000},
      {channel_tick_interval,60000},
      {cluster_keepalive_interval,10000},
      {cluster_nodes,{[],disc}},
      {cluster_partition_handling,ignore},
      {collect_statistics,fine},
      {collect_statistics_interval,5000},
      {config_entry_decoder,[{passphrase,undefined}]},
      {connection_max,infinity},
      {credit_flow_default_credit,{400,200}},
      {default_consumer_prefetch,{false,0}},
      {default_permissions,[<<".*">>,<<".*">>,<<".*">>]},
      {default_user,<<"guest">>},
      {default_user_tags,[administrator]},
      {default_vhost,<<"/">>},
      {delegate_count,16},
      {disk_free_limit,50000000},
      {disk_monitor_failure_retries,10},
      {disk_monitor_failure_retry_interval,120000},
      {enabled_plugins_file,
          "c:/Users/user/AppData/Roaming/RabbitMQ/enabled_plugins"},
      {feature_flags_file,
          "c:/Users/user/AppData/Roaming/RabbitMQ/db/rabbit@DTC01-BETST1-feature_flags"},
      {fhc_read_buffering,false},
      {fhc_write_buffering,true},
      {frame_max,131072},
      {halt_on_upgrade_failure,true},
      {handshake_timeout,10000},
      {heartbeat,60},
      {lager_default_file,
          "c:/Users/user/AppData/Roaming/RabbitMQ/log/rab...@DTC01-BETST1.log"},
      {lager_log_root,"c:/Users/user/AppData/Roaming/RabbitMQ/log"},
      {lager_upgrade_file,
          "c:/Users/user/AppData/Roaming/RabbitMQ/log/rabbit@DTC01-BETST1_upgrade.log"},
      {lazy_queue_explicit_gc_run_operation_threshold,1000},
      {log,
          [{file,
               [{file,
                    "c:/Users/user/AppData/Roaming/RabbitMQ/log/rab...@DTC01-BETST1.log"}]},
           {categories,
               [{upgrade,
                    [{file,
                         "c:/Users/user/AppData/Roaming/RabbitMQ/log/rabbit@DTC01-BETST1_upgrade.log"}]}]}]},
      {loopback_users,[<<"guest">>]},
      {max_message_size,134217728},
      {memory_monitor_interval,2500},
      {mirroring_flow_control,true},
      {mirroring_sync_batch_size,4096},
      {mnesia_table_loading_retry_limit,10},
      {mnesia_table_loading_retry_timeout,30000},
      {msg_store_credit_disc_bound,{4000,800}},
      {msg_store_file_size_limit,16777216},
      {msg_store_index_module,rabbit_msg_store_ets_index},
      {msg_store_io_batch_size,4096},
      {msg_store_shutdown_timeout,600000},
      {num_ssl_acceptors,10},
      {num_tcp_acceptors,10},
      {password_hashing_module,rabbit_password_hashing_sha256},
      {plugins_dir,
          "c:/Program Files/RabbitMQ Server/rabbitmq_server-3.8.8/plugins"},
      {plugins_expand_dir,
          "c:/Users/user/AppData/Roaming/RabbitMQ/db/rabbit@DTC01-BETST1-plugins-expand"},
      {proxy_protocol,false},
      {queue_explicit_gc_run_operation_threshold,1000},
      {queue_index_embed_msgs_below,4096},
      {queue_index_max_journal_entries,32768},
      {quorum_cluster_size,5},
      {quorum_commands_soft_limit,32},
      {reverse_dns_lookups,false},
      {server_properties,[]},
      {ssl_allow_poodle_attack,false},
      {ssl_apps,[asn1,crypto,public_key,ssl]},
      {ssl_cert_login_from,distinguished_name},
      {ssl_handshake_timeout,5000},
      {ssl_listeners,[5671]},
      {ssl_options,
          [{keyfile,"C:/cert/key.pem"},
           {certfile,"C:/cert/cert.pem"},
           {cacertfile,"C:/cert/cacert.pem"},
           {fail_if_no_peer_cert,false},
           {verify,verify_peer},
           {versions,['tlsv1.1','tlsv1.2']}]},
      {tcp_listen_options,
          [{backlog,128},
           {nodelay,true},
           {linger,{true,0}},
           {exit_on_close,false}]},
      {tcp_listeners,[{"auto",5672}]},
      {trace_vhosts,[]},
      {vhost_restart_strategy,continue},
      {vm_memory_calculation_strategy,rss},
      {vm_memory_high_watermark,0.4},
      {vm_memory_high_watermark_paging_ratio,0.5},
      {writer_gc_threshold,1000000000}]},
 {rabbit_common,[]},
 {rabbitmq_auth_backend_ldap,
     [{anon_auth,false},
      {dn_lookup_attribute,"userPrincipalName"},
      {dn_lookup_base,"DC=corp,DC=mydomain,DC=com"},
      {dn_lookup_bind,as_user},
      {group_lookup_base,none},
      {idle_timeout,300000},
      {log,true},
      {other_bind,as_user},
      {pool_size,64},
      {port,636},
      {resource_access_query,
          {in_group,"CN=GRP_ORG.IT,OU=ORG,OU=GRP,DC=corp,DC=mydomain,DC=com"}},
      {servers,["10.10.0.6","10.10.0.4","corp.mydomain.com"]},
      {ssl_options,[]},
      {tag_queries,
          [{administrator,{constant,false}},{management,{constant,true}}]},
      {timeout,infinity},
      {topic_access_query,{constant,true}},
      {use_ssl,true},
      {use_starttls,false},
      {user_bind_pattern,none},
      {user_dn_pattern,"${username}@corp.mydomain.com"},
      {vhost_access_query,
          {in_group,
              "CN=GRP_ORG.IT,OU=ORG,OU=GRP,DC=corp,DC=mydomain,DC=com"}}]},
 {rabbitmq_auth_mechanism_ssl,[{name_from,distinguished_name}]},
 {rabbitmq_management,
     [{content_security_policy,
          "script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'"},
      {cors_allow_origins,[]},
      {cors_max_age,1800},
      {http_log_dir,none},
      {load_definitions,none},
      {management_db_cache_multiplier,5},
      {process_stats_gc_timeout,300000},
      {stats_event_max_backlog,250}]},
 {rabbitmq_management_agent,
     [{rates_mode,basic},
      {sample_retention_policies,
          [{global,[{605,5},{3660,60},{29400,600},{86400,1800}]},
           {basic,[{605,5},{3600,60}]},
           {detailed,[{605,5}]}]}]},
 {rabbitmq_prelaunch,[]},
 {rabbitmq_web_dispatch,[]},
 {ranch,[]},
 {recon,[]},
 {sasl,[{errlog_type,error},{sasl_error_logger,false}]},
 {ssl,[{dtls_protocol_version,['dtlsv1.2']},{protocol_version,['tlsv1.2']}]},
 {stdlib,[]},
 {stdout_formatter,[]},
 {syntax_tools,[]},
 {sysmon_handler,
     [{busy_dist_port,true},
      {busy_port,false},
      {gc_ms_limit,0},
      {heap_word_limit,0},
      {port_limit,100},
      {process_limit,100},
      {schedule_ms_limit,0}]},
 {tools,[{file_util_search_methods,[{[],[]},{"ebin","esrc"},{"ebin","src"}]}]},
 {xmerl,[]}]

I tried to use openssl and connected to RMQ:

PS C:\Program Files\OpenSSL-Win64\bin> .\openssl.exe s_client -connect dtc01-betst1.corp.gpbl.ru:5671
CONNECTED(000001AC)
depth=1 DC = com, DC = mydomain, DC = corp, CN = unit
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 DC = com, DC = mydomain, DC = corp, CN = unit
verify return:1
---
...
---
Acceptable client certificate CA names
DC = com, DC = mydomin, DC = corp, CN = unit
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2974 bytes and written 468 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 3D9FA7995C7442ED2AC8D3097E8858A8D05EB8319B154971CDAB0E0EB6BB8CEB
    Session-ID-ctx:
    Master-Key: 27DCCF27450995E2C5A1EA8F9E7226BE1801F7BED6F0A84A7474A0ECA25AEFBE9ACC59FD22EC116EEA3271AAE5ABC24A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1600455164
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    Extended master secret: no
---
read:errno=0

Perhaps the problem is that it is a self-signed certificate: Verify return code: 19 (self signed certificate in certificate chain)

I added these lines to the code:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
and
factory.Ssl.AcceptablePolicyErrors = System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors
                                   | System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch
                                   | System.Net.Security.SslPolicyErrors.RemoteCertificateNotAvailable;
But that didn't solve the problem :(

Luke Bakken

Sep 18, 2020, 5:37:26 PM
to rabbitmq-users
Hello,

That's a great start. You should remove all LDAP configuration and attempt to debug using just the internal auth backend. Change RabbitMQ's log level to debug and you will see more information.

When you authenticate using EXTERNAL and X509 certificates, the entire DN of the certificate is used which is probably not what you want. If you want to just use the common name, see this:



Thanks,
Luke
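
Luke's three suggestions (internal backend only, debug logging, user name from the common name rather than the whole DN) written out in the rabbitmq.conf format the second post already uses. This is an added example, not a file from the thread or from the RabbitMQ project: the certificate paths are the ones from the second post, the comments describe what each line changes relative to the posted configuration, and the user name that EXTERNAL derives is whatever the client certificate's subject gives.

```ini
# rabbitmq.conf: debug EXTERNAL against the internal backend first, then
# reintroduce LDAP once certificate login works.
log.file.level = debug

listeners.ssl.default = 5671
ssl_options.cacertfile = C:/cert/cacert.pem
ssl_options.certfile = C:/cert/cert.pem
ssl_options.keyfile = C:/cert/key.pem
ssl_options.verify = verify_peer
# Require a client certificate at the TLS layer. With false (as posted) a
# client that presents no certificate completes the handshake and is only
# refused later by EXTERNAL, which then has no identity to work with.
ssl_options.fail_if_no_peer_cert = true
# The posted .NET client pins Tls12 anyway, so drop tlsv1.1 from the offer.
ssl_options.versions.1 = tlsv1.2

# Internal users only while debugging. The user named after the certificate
# must exist; its password is not used by EXTERNAL:
#   rabbitmqctl add_user <name-from-cert> <any-password>
auth_backends.1 = internal
auth_mechanisms.1 = EXTERNAL

# distinguished_name (the default, and what the posted environment shows)
# uses the whole subject DN as the user name; common_name uses only the CN.
ssl_cert_login_from = common_name
```

With the log at debug the broker records which user name it derived from the certificate and which backend refused it, which is the detail missing from the ACCESS_REFUSED error the client sees. The openssl run in the thread presented no client certificate and no CA file, so it exercised neither the chain (hence verify code 19) nor client authentication; to test the same path the .NET client takes, pass the CA and the client identity explicitly: openssl s_client -connect host:5671 -CAfile cacert.pem -cert client.pem -key client-key.pem (file names here are placeholders).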