Checking CRL


John Fortunate

Jun 5, 2023, 6:02:16 AM
to rabbitmq-users
Hi Team,

I am setting up an rmq server for queuing information from a number of IoT devices over MQTT. I am setting up mTLS authentication, and for CRL validation I've set ssl_options.crl_check = true in my config. Also, my certificate does contain a CRL distribution points URL. But when I try to connect with the client, it gives the following error.

Could I please get some help regarding this? Thank you.

John Fortunate

Jun 5, 2023, 6:03:24 AM
to rabbitmq-users
{bad_crls, no_relevant_crls}
Sorry, I forgot to add the error message.

Luke Bakken

Jun 5, 2023, 4:07:59 PM
to rabbitmq-users
Hello,

I suggest enabling logging of the HTTP requests to your CRL file server to see what files are being requested.

You should be able to use openssl s_client and s_server to reproduce what is happening as well. Have you tried that? If so, share the full commands you are running and their output.

Finally, ensure you are setting up your certs and CRL correctly. We use our "tls-gen" project as a baseline:



Thanks,
Luke
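
One offline way to follow the suggestion above of reproducing the check with OpenSSL, added here as an example and not part of the thread or of tls-gen. It uses `openssl verify` with a CRL file on disk rather than s_client/s_server, and shows that a CRL issued by a different CA than the certificate's issuer is rejected; the CA names, file names and the `crl.example.invalid` URL are all constructed.

```shell
#!/bin/sh
# Added example: throwaway PKI; every name and the CRL URL are constructed.
make_pki() {  # $1 = scratch directory
  d=$1; : > "$d/index.txt"
  cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = CA_default
[CA_default]
database = $d/index.txt
default_md = sha256
default_crl_days = 30
[leaf]
crlDistributionPoints = URI:http://crl.example.invalid/a.crl
EOF
  for ca in a b; do  # two unrelated CAs, each publishing its own (empty) CRL
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=Example CA $ca" -days 30 \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    openssl ca -config "$d/pki.cnf" -gencrl -keyfile "$d/$ca.key" \
      -cert "$d/$ca.pem" -out "$d/$ca.crl" 2>/dev/null || return 1
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -subj "/CN=device-1" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  # The leaf is issued by CA "a" and carries the distribution point above.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/a.pem" -CAkey "$d/a.key" \
    -CAcreateserial -days 30 -extfile "$d/pki.cnf" -extensions leaf \
    -out "$d/leaf.pem" 2>/dev/null
}

# Print the CRL distribution point URI(s) embedded in certificate $1.
cdp_of() { openssl x509 -in "$1" -noout -text | sed -n 's/.*URI:\([^ ]*\).*/\1/p'; }

# Verify leaf $2 under CA $1 with revocation checking, using CRL file $3.
verify_with_crl() {
  openssl verify -crl_check -CAfile "$1" -CRLfile "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d) && make_pki "$work" || exit 1
echo "CDP in leaf: $(cdp_of "$work/leaf.pem")"
verify_with_crl "$work/a.pem" "$work/leaf.pem" "$work/a.crl" && echo "CRL from issuing CA: accepted"
verify_with_crl "$work/a.pem" "$work/leaf.pem" "$work/b.crl" || echo "CRL from other CA: rejected"
rm -rf "$work"
```

Running `cdp_of` against the real client certificate shows which URL the CRL file server's request log should be compared with.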