Issue Faced With ssl_options Password Encryption and Decryption RabbitMq


Boney Dennis

30 May 2024, 04:37:54
to rabbitmq-users
Hi Team,

Within ssl_options if I specify password directly, our application is able to establish connection successfully with rabbitMQ.
Now we used rabbitmqctl to encrypt the password and specified the encrypted password as per below. Post that our application is unable to connect with RabbitMQ.
Could you please review advanced.config file?
Note: I have put certificates as #####  

advanced.config
==============

[
  {rabbit, [
      {tcp_listeners, [{'127.0.0.1', 5672}]},
      {ssl_listeners, [5671]},
      {auth_mechanisms, [
          'EXTERNAL',
          'PLAIN'
        ]},
      {ssl_cert_login_from, common_name},
      {ssl_options, [
          {cacertfile, "######"},
          {certfile, "######"},
          {keyfile, "######"},
          {password, "{encrypted,<<""5oQdYKuunuwOgfmoFISd6A+S1eVSAfsPRrEOMmNx8C18hxK4PVBhawYxCHvWleqV9a4FzETawyrzrKOm0VYN+VoIrwrRyhWp4fazfsrrcy7YSgjCjEHIpYgJjvViM8vsZfHoc8riK1qInWCom4Yb1w=="">>}"},
          {verify, verify_peer},
          {fail_if_no_peer_cert, true}
        ]},
      {log, [
          {file, [
              {file, "rabbitmq.log"},
              {level, info},
              {date, "$D0"},
              {count, 60}
            ]}
        ]},
      {config_entry_decoder, [
          {passphrase, "passphrase"},
          {cipher, aes_256_cbc},
          {hash, sha512},
          {iterations, 1000}
        ]}
    ]},
  {rabbitmq_management, [
      {listener, [
          {port, 15672},
          {ip, "127.0.0.1"}
        ]}
    ]}
].


Exception Details in Console
=======================

RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
       ---> System.AggregateException: One or more errors occurred. (Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host..)
       ---> System.IO.IOException: Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host..
       ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
         at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.CreateException(SocketError error, Boolean forAsyncThrow)
         at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.SendAsyncForNetworkStream(Socket socket, CancellationToken cancellationToken)
         at System.Net.Sockets.Socket.SendAsyncForNetworkStream(ReadOnlyMemory`1 buffer, SocketFlags socketFlags, CancellationToken cancellationToken)
         at System.Net.Sockets.NetworkStream.WriteAsync(ReadOnlyMemory`1 buffer, CancellationToken cancellationToken)
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
         at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[TStateMachine](TStateMachine& stateMachine)
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
         at System.Net.Security.SslStream.ProcessAuthenticationAsync(Boolean isAsync, Boolean isApm, CancellationToken cancellationToken)
         at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
         at System.Net.Security.SslStream.AuthenticateAsClientAsync(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
         at RabbitMQ.Client.Impl.SslHelper.<>c__DisplayClass2_0.<TcpUpgrade>b__0(SslOption opts)
         at RabbitMQ.Client.Impl.SslHelper.TcpUpgrade(Stream tcpStream, SslOption options)
         at RabbitMQ.Client.Impl.SocketFrameHandler..ctor(AmqpTcpEndpoint endpoint, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
         at RabbitMQ.Client.ConnectionFactory.CreateFrameHandler(AmqpTcpEndpoint endpoint)
         at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
         at RabbitMQ.Client.Framing.Impl.AutorecoveringConnection.Init(IEndpointResolver endpoints)
         at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
         at RabbitMQ.Client.ConnectionFactory.CreateConnection(String clientProvidedName)
         at RabbitMQ.Client.ConnectionFactory.CreateConnection()

Luke Bakken

30 May 2024, 10:34:28
to rabbitmq-users

Boney Dennis

30 May 2024, 23:58:29
to rabbitmq-users
Hi Team,

The suggested approach doesn't work. Our environment is Windows, so if I remove the outer double quotes, RabbitMQ gets shut down automatically.

Luke Bakken

31 May 2024, 00:54:57
to rabbitm...@googlegroups.com
Please continue the discussion on GitHub.

You probably have several errors in your configuration file. The extra double quotes are *certainly* one of them.
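
An added example, not part of the thread or of RabbitMQ's tooling: a small Python check for the mistake discussed above, where an `{encrypted, ...}` tuple in advanced.config is wrapped in outer double quotes and therefore reads as a plain Erlang string instead of a tuple. The function names and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (the base64 value is a placeholder, not real ciphertext).
BROKEN = '''[{rabbit, [
  {ssl_options, [
    {keyfile, "key.pem"},
    {password, "{encrypted,<<""Q09OU1RSVUNURUQ="">>}"}
  ]}
]}].'''
FIXED = BROKEN.replace('"{encrypted,<<""', '{encrypted,<<"').replace('"">>}"', '">>}')

def string_literals(text):
    """Yield (line_no, value) per Erlang string literal, joining adjacent
    literals the way the Erlang parser does ("a" "b" is read as "ab")."""
    i, n, line, pending = 0, len(text), 1, None
    while i < n:
        c = text[i]
        if c == "%":                          # comment: skip to end of line
            while i < n and text[i] != "\n":
                i += 1
            continue
        if c == '"':
            start, buf = line, []
            i += 1
            while i < n and text[i] != '"':
                if text[i] == "\\" and i + 1 < n:   # keep the escaped character
                    i += 1
                if text[i] == "\n":
                    line += 1
                buf.append(text[i])
                i += 1
            i += 1                            # step over the closing quote
            if pending:
                pending[1].append("".join(buf))
            else:
                pending = (start, ["".join(buf)])
            continue
        if c == "\n":
            line += 1
        if not c.isspace() and pending:       # run of adjacent literals ended
            yield pending[0], "".join(pending[1])
            pending = None
        i += 1
    if pending:
        yield pending[0], "".join(pending[1])

def quoted_encrypted_values(text):
    """Line numbers where an {encrypted, ...} tuple sits inside a string literal."""
    return [ln for ln, s in string_literals(text)
            if re.match(r"\s*\{\s*encrypted\s*,", s)]
```

Run `quoted_encrypted_values(open("advanced.config").read())` against a real file; an empty list means no encrypted value is wrapped in a string.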
