Pika with selfsigned certificates


Marco Goessens

Jul 19, 2022, 2:16:54 PM
to Pika
Hello you all,

I'm trying to create a Python script, after various C# scripts, to connect to RabbitMQ.
I set up RabbitMQ to work with TLS and username/password.

When I try to connect to RMQ with the following code, I get: certificate verify failed: self signed certificate in certificate chain

#!/usr/bin/env python
import logging
import pika
import ssl
from pika.credentials import ExternalCredentials

logging.basicConfig(level=logging.INFO)
context = ssl.create_default_context(cafile="RabbitMQCluster.crt")
context.load_cert_chain("RabbitMQ.crt",
                        "rabbitkey.pem")

x = pika.PlainCredentials("user", "pass")

ssl_options = pika.SSLOptions(context, 'RabbitMQ_Server')
conn_params = pika.ConnectionParameters(host='IP',
                                        port=5671,
                                        ssl_options=ssl_options,
                                        credentials=x,
                                        heartbeat=0)

with pika.BlockingConnection(conn_params) as conn:
    ch = conn.channel()
    ch.queue_declare("foobar")
    ch.basic_publish("", "foobar", "Hello, world!")
    print(ch.basic_get("foobar"))
    input("Press Enter to continue...")

Can someone help me or explain to me why this is not working?

Luke Bakken

Jul 20, 2022, 6:26:50 PM
to Pika
Hi Marco,

I'm not sure if Python can use certificates in "crt" format.

Please refer to this guide to troubleshoot your TLS configuration: https://www.rabbitmq.com/troubleshooting-ssl.html


Finally, this is how I've created the TLS context in some of my test apps:

import ssl

context = ssl.create_default_context()
context.verify_mode = ssl.CERT_REQUIRED
# CA certificate used to verify the server's certificate chain
context.load_verify_locations(cafile="./certs/ca_certificate.pem")
# Client certificate and private key presented to the server
context.load_cert_chain(
    certfile="./certs/client_wildcard.local_certificate.pem",
    keyfile="./certs/client_wildcard.local_key.pem",
)


Thanks,
Luke

Adonis Settouf

Jul 21, 2022, 4:03:41 AM
to Pika
I've used self signed `.crt`, pretty sure it works. You might want to inspect your certs with `openssl` to make sure they were generated properly.
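Added example (not part of the thread and not Pika or RabbitMQ code): "self signed certificate in certificate chain" is OpenSSL verification error 19, reported when the chain the server presents ends in a self-signed root that is not in the client's CA file. The script below reproduces it offline with `openssl verify`, once with the issuing root as the CA file and once with an unrelated certificate. It assumes the `openssl` CLI is installed; the file names, the subjects `Lab Root CA` and `Unrelated`, and the functions `make_lab`, `check_chain` and `show_cert` are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab: every name and file here is made up for the demonstration.
set -eu

# make_lab DIR: create a throwaway root CA, a server certificate signed by it,
# and an unrelated self-signed certificate standing in for a wrong cafile.
make_lab() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Root CA" \
    -keyout "$d/ca_key.pem" -out "$d/ca_certificate.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=RabbitMQ_Server" \
    -keyout "$d/server_key.pem" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -days 1 -CAcreateserial \
    -CA "$d/ca_certificate.pem" -CAkey "$d/ca_key.pem" \
    -out "$d/server_certificate.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated" \
    -keyout "$d/other_key.pem" -out "$d/other.crt" 2>/dev/null
}

# check_chain CAFILE CERT CHAIN: verify CERT the way a TLS client would.
# CAFILE is what the client trusts (the cafile handed to Python's ssl module),
# CHAIN is what the server sends along with its own certificate.
# Prints openssl's verdict; exit status is non-zero when verification fails.
check_chain() {
  openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1
}

# show_cert FILE: the fields worth comparing between cafile and server chain.
show_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate
}

LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
make_lab "$LAB"
show_cert "$LAB/server_certificate.pem"
echo "--- cafile is the issuing root:"
check_chain "$LAB/ca_certificate.pem" "$LAB/server_certificate.pem" \
  "$LAB/ca_certificate.pem" || true
echo "--- cafile is an unrelated certificate (error 19 expected):"
check_chain "$LAB/other.crt" "$LAB/server_certificate.pem" \
  "$LAB/ca_certificate.pem" || true
```

With real files, pass the CA file given to `ssl.create_default_context(cafile=...)` as `CAFILE` and compare its `show_cert` subject with the issuer of the server's certificate.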