Need Help for error: RabbitMQ.Client.Exceptions.BrokerUnreachableException


Shrikant Borole

Dec 26, 2022, 5:28:39 AM
to rabbitmq-discuss
Hey Team,

I am new to RabbitMQ. I enabled TLS for RabbitMQ on my local machine. As part of it, I created the certificate on my Windows machine as discussed in https://www.rabbitmq.com/ssl.html.

Also updated the rabbitMQ.config file as below:

[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile, "/etc/ca_certificate.pem"},
      {certfile, "/etc/private_key.pem"},
      {keyfile, "/etc/server_certificate.pem"},
      {password, "MySecretPassword"},
      {verify, verify_peer},
      {fail_if_no_peer_cert, true}
    ]}
  ]}
].

Steps followed to create the certificates:

Bash Cmd Prompt:

cd /C/temp/ThirdOne
mkdir testca
cd testca
mkdir certs private
chmod 700 private
echo 01 > serial
touch index.txt

Using OpenSSL CMD

openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out ca_certificate.pem -outform PEM -subj /CN=MyTestCA/ -nodes

openssl x509 -in ca_certificate.pem -out ca_certificate.cer -outform DER

mkdir server

cd server

openssl genrsa -out private_key.pem 2048

openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=desktop-s08pnk3/O=server/ -nodes

cd..

openssl ca -config openssl.cnf -in ./server/req.pem -out ./server/server_certificate.pem -notext -batch -extensions server_ca_extensions

openssl pkcs12 -export -out ./server/server_certificate.p12 -in ./server/server_certificate.pem -inkey ./server/private_key.pem -passout pass:MySecretPassword

mkdir client

cd client

openssl genrsa -out private_key.pem 2048

openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=desktop-s08pnk3/O=client/ -nodes

cd..

openssl ca -config openssl.cnf -in ./client/req.pem -out ./client/client_certificate.pem -notext -batch -extensions client_ca_extensions

openssl pkcs12 -export -out ./client/client_certificate.p12 -in ./client/client_certificate.pem -inkey ./client/private_key.pem -passout pass:MySecretPassword

On top of that, I installed the client certificate on my local machine.

NOTE: My client and server are both on the local machine only.

Code that I am using for connecting to RabbitMQ:

private static void RabbitMQWithSSLEnable()
{
    try
    {
        string rabbitmqHostName = "desktop-s08pnk3";
        string rabbitmqServerName = "desktop-s08pnk3";
        string certificateFilePath = @"C:\temp\ThirdOne\client\client_certificate.pem";
        string certificatePassphrase = "MySecretPassword";
        string rabbitmqUsername = "test";
        string rabbitmqPassword = "test";

        var factory = new ConnectionFactory();

        factory.HostName = rabbitmqHostName;
        factory.UserName = rabbitmqUsername;
        factory.Password = rabbitmqPassword;

        //factory.Uri = new Uri("amqps://test:test@desktop-s08pnk3");

        factory.AuthMechanisms = new IAuthMechanismFactory[] { new ExternalMechanismFactory() };

        // Note: This should NEVER be "localhost"
        factory.Ssl.ServerName = rabbitmqServerName;

        // Path to my .p12 file.
        factory.Ssl.CertPath = certificateFilePath;
        // Passphrase for the certificate file - set through OpenSSL
        factory.Ssl.CertPassphrase = certificatePassphrase;

        factory.Ssl.Enabled = true;
        // Make sure TLS 1.2 is supported & enabled by your operating system
        factory.Ssl.Version = SslProtocols.Tls12;

        // This is the default RabbitMQ secure port
        factory.Port = 15672;
        factory.VirtualHost = "/";
        factory.Ssl.AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateNotAvailable;

        //System.Net.ServicePointManager.Expect100Continue = false;

        using (var connection = factory.CreateConnection())
        {
            using (var channel = connection.CreateModel())
            {
                // publish some messages...
            }
        }
    }
    catch (System.Exception ex)
    {
        var error = ex.ToString();
        System.Console.WriteLine(error);
    }
}

The above code is throwing this error:

RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
 ---> System.AggregateException: One or more errors occurred. (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..)
 ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
 ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_1(String arg1, X509CertificateCollection arg2, SslProtocols arg3, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2,TArg3](Func`6 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2,TArg3](Func`6 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2,TArg3](Func`6 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state)
   at System.Net.Security.SslStream.AuthenticateAsClientAsync(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
   at RabbitMQ.Client.Impl.SslHelper.<>c__DisplayClass2_0.<TcpUpgrade>b__0(SslOption opts)
   at RabbitMQ.Client.Impl.SslHelper.TcpUpgrade(Stream tcpStream, SslOption options)
   at RabbitMQ.Client.Impl.SocketFrameHandler..ctor(AmqpTcpEndpoint endpoint, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
   at RabbitMQ.Client.Framing.Impl.IProtocolExtensions.CreateFrameHandler(IProtocol protocol, AmqpTcpEndpoint endpoint, ArrayPool`1 pool, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
   at RabbitMQ.Client.ConnectionFactory.CreateFrameHandler(AmqpTcpEndpoint endpoint)
   at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
   --- End of inner exception stack trace ---
   at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
   at RabbitMQ.Client.Framing.Impl.AutorecoveringConnection.Init(IEndpointResolver endpoints)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
   --- End of inner exception stack trace ---
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(String clientProvidedName)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection()
   at RabbitMQ.Explore.Program.RabbitMQWithSSLEnable() in C:\Users\warke\source\repos\RabbitMQ.Explore\RabbitMQ.Explore\Program.cs:line 71

Below are the things that I tried:

A) Enabled TLS in Internet Options.
B) Enabled the ports also.

Can anyone please help me get it resolved?

Thanks,
Shrikant Borole
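
A pre-flight check for the settings shown in this post, added here as an example and not code from the poster or the RabbitMQ project: it reads the classic-format config, reports any cacertfile/certfile/keyfile entry whose PEM label does not match its role, and reports a client port that is not among ssl_listeners (15672 is the management HTTP port, 5671 the listener configured above). The PEM file contents are constructed stand-ins, pem_kind and lint are hypothetical helper names, and ssl_listeners is assumed to hold plain port numbers.

```python
import re

# Constructed sample input: the listener and file paths from the post, plus
# stand-in PEM files that carry only a label line (bodies are placeholders).
CONFIG = '''
[{rabbit, [
  {ssl_listeners, [5671]},
  {ssl_options, [
    {cacertfile, "/etc/ca_certificate.pem"},
    {certfile,   "/etc/private_key.pem"},
    {keyfile,    "/etc/server_certificate.pem"},
    {verify, verify_peer},
    {fail_if_no_peer_cert, true}]}]}].
'''
FILES = {
    "/etc/ca_certificate.pem": "-----BEGIN CERTIFICATE-----\n(placeholder)\n",
    "/etc/server_certificate.pem": "-----BEGIN CERTIFICATE-----\n(placeholder)\n",
    "/etc/private_key.pem": "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
}
# What kind of PEM object each ssl_options entry must point at.
EXPECTED = {"cacertfile": "certificate", "certfile": "certificate", "keyfile": "key"}

def pem_kind(text):
    """Classify PEM content by its first BEGIN label."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", text)
    if not m:
        return "not-pem"
    label = m.group(1)
    if label.endswith("PRIVATE KEY"):  # RSA, EC, PKCS#8, ENCRYPTED variants
        return "key"
    return "certificate" if label == "CERTIFICATE" else "other"

def lint(config, read_file, client_port):
    """Return findings for a config text and the port the client will dial."""
    findings = []
    m = re.search(r"\{ssl_listeners,\s*\[([^\]]*)\]", config)
    listeners = [int(p) for p in re.findall(r"\d+", m.group(1))] if m else []
    if client_port not in listeners:
        findings.append(f"client port {client_port} is not a TLS listener {listeners}")
    for option, want in EXPECTED.items():
        m = re.search(r"\{%s,\s*\"([^\"]+)\"\}" % option, config)
        if not m:
            findings.append(f"{option} is not set")
            continue
        got = pem_kind(read_file(m.group(1)))
        if got != want:
            findings.append(f"{option} {m.group(1)} holds a {got}, expected a {want}")
    return findings

if __name__ == "__main__":
    for finding in lint(CONFIG, FILES.__getitem__, client_port=15672):
        print(finding)
```

Against real files, pass lambda p: open(p).read() as read_file.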