Rabbitmq Broker unable to configure on port 5671


Sheetal Parasnis

Dec 18, 2018, 1:43:02 AM
to rabbitmq-users
Hi,

I am trying to configure RabbitMQ broker on SSL 5671 port. {RabbitMQ 3.6.2 configured on RDO Queens.}
I have created CA certs, also created certs for server and client. I have given chmod 0600 permissions to cert dir and user is root.

Snippet from /etc/rabbitmq/rabbitmq.config file:

[
  {kernel, [

  ]},
  {ssl, [{versions, ['tlsv1.2']}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/testca/cacertificate.pem"},
                    {certfile,"/etc/rabbitmq/ssl/server/server_certificate.pem"},
                    {keyfile,"/etc/rabbitmq/ssl/server/private_key.pem"},
                    {verify,verify_none},
                    {fail_if_no_peer_cert,false}
                    ,{versions,['tlsv1.2']}
                    ,{ciphers,["ECDHE-ECDSA-AES256-SHA384","ECDH-ECDSA-AES256-SHA384","ECDHE-RSA-AES128-SHA256","ECDH-RSA-AES128-SHA256"]}
                    ]},
    {tcp_listen_options, [binary, {packet,raw},
                                  {reuseaddr,true},
                                  {backlog,128},
                                  {nodelay,true},
                                  {exit_on_close,false},
                                  {keepalive,false}]},

    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {heartbeat, 580}

  ]}
].

% EOF

/var/log/rabbitmq/rab...@controller.log shows these messages:

started SSL Listener on [::]:5671
started TCP Listener on [::]:5672

But when I am trying to check if broker is correctly configured on TLS using this command :
openssl s_client -connect localhost:5671 -cert /etc/rabbitmq/ssl/client/client_certificate.pem -key /etc/rabbitmq/ssl/client/private_key.pem -CAfile /etc/rabbitmq/ssl/testca/cacertificate.pem

This command does not return any output.

Am I missing anything here?

Thanks in advance!


Sheetal

Luke Bakken

Dec 18, 2018, 12:23:39 PM
to rabbitmq-users
Hi Sheetal,

I strongly suggest starting with a much simpler configuration, then adding more options. You should start with the file I attached.

Finally, the certificates must be stored in a directory that is readable by the rabbitmq user. Based on your description, RabbitMQ can't read the certificates since they are limited to the root user.

Thanks,
Luke
rabbitmq.config

Sheetal Parasnis

Dec 19, 2018, 3:39:51 AM
to rabbitmq-users
Hi Luke,

Thanks so much for your quick reply.

I changed owner & group of cert files from root to rabbitmq and it solved my problem. :)

But now OpenStack services like cinder, nova cannot access rabbitmq on port 5671 even if I specified cert location in respective CONF file e.g. cinder.conf

Not sure if you will be able to help me here...

but thanks again!

Regards,
Sheetal

Michael Klishin

Dec 19, 2018, 5:11:57 AM
to rabbitm...@googlegroups.com
OpenStack questions belong to the OpenStack operators group. Don't forget to share broker logs with them ;)

--
MK

Staff Software Engineer, Pivotal/RabbitMQ

Sheetal Parasnis

Dec 19, 2018, 9:13:49 AM
to rabbitmq-users
Hi Michael,

How do I join the OpenStack operator group?

Michael Klishin

Dec 19, 2018, 11:00:30 AM
to rabbitm...@googlegroups.com
A quick Google search for "openstack operator mailing list" yielded [1].

Sheetal Parasnis

Dec 24, 2018, 12:34:44 PM
to rabbitmq-users
Hi there,

I am still facing problems configuring TLS on the rabbitmq broker.

I have created client and server certificates as mentioned here: https://www.rabbitmq.com/ssl.html#manual-certificate-generation

I also verified TLS connections and certificate/key pairs using these commands:

openssl s_client -connect 172.16.18.230:8443 -cert /etc/rabbitmq/ssl/client/client_certificate.pem -key /etc/rabbitmq/ssl/client/private_key.pem -CAfile /etc/pki/tls/rabbitmq/testca/cacertificate.pem AND

openssl s_server -accept 8443 -cert /etc/pki/tls/rabbitmq/server/server_certificate.pem -key /etc/pki/tls/rabbitmq/server/private_key.pem -CAfile /etc/pki/tls/rabbitmq/testca/cacertificate.pem

I received Verify return code: 0 (ok) as output to openssl s_client -connect command.

In the very first post, the openssl s_client -connect command did not return any output, but then I added -debug to the command and now I am getting
"No client certificate CA names sent" and "Verify return code: 0 " messages in the command output.

Is this correct behavior? Can someone help here?

[root@cil016018230 ssl]# openssl s_client -connect 172.16.18.230:5671 -debug -cert /etc/rabbitmq/ssl/client/client_certificate.pem -key /etc/rabbitmq/ssl/client/private_key.pem -CAfile /etc/pki/tls/rabbitmq/testca/cacertificate.pem
CONNECTED(00000003)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = cil016018230.cil.raleigh.ibm.com, O = server
verify return:1
---
Certificate chain
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
Server certificate
issuer=/CN=MyTestCA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2027 bytes and written 455 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA256
    Session-ID: 26B5DD1F510F8106403BF40B9D79EC04C8C3238EFD5AD93C1D96B4D805ACC2C9
    Session-ID-ctx:
    Master-Key: 0D15D730B634F918F0DCD2C142B0567CD993811DA7240090DBBCF6AB02B71AA56FCABE3ACBE6997D19762274768E3BD8
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1545673188
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

Michael Klishin

Dec 24, 2018, 1:10:08 PM
to rabbitm...@googlegroups.com
According to this output, `openssl s_client` successfully connected.
The "Verify return code: 0 (ok)" tells you that; a server certificate chain printed
also means that the certificate exchange did happen and there are 2 certificates
in the server chain, as expected from the doc instructions.

What isn't meeting your expectations?

By the way, you may want to edit those "subject=/CN" lines before posting.
You can delete existing group messages in the UI at https://groups.google.com/forum/#!forum/rabbitmq-users.
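
An added example, not part of any post in this thread: a shell helper that condenses `openssl s_client` output into the fields discussed above and checks the negotiated protocol and cipher against the values in the posted rabbitmq.config. The function names are hypothetical, and the sample input is constructed from the non-hex lines of the quoted output with a placeholder leaf subject.

```sh
# Constructed sample: non-hex lines of the quoted s_client output, with a
# placeholder leaf subject (broker.example.test).
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=broker.example.test/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
No client certificate CA names sent
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA256
    Verify return code: 0 (ok)
---
EOF
}

# Reduce s_client output on stdin to key=value lines.
summarize_s_client() {
    awk '
        /^CONNECTED/                              { connected = 1 }
        /^Certificate chain/                      { in_chain = 1; next }
        in_chain && /^---/                        { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/                { chain++ }
        # "none" is expected with {verify,verify_none}: the broker does not
        # ask the client for a certificate, so it sends no CA names.
        /^No client certificate CA names sent/    { ca = "none" }
        /^Acceptable client certificate CA names/ { ca = "sent" }
        /^ *Protocol *:/                          { proto = $NF }
        /^ *Cipher *:/                            { cipher = $NF }
        /Verify return code:/ { sub(/^.*Verify return code: */, ""); verify = $1 }
        END {
            if (ca == "") ca = "unknown"
            printf "connected=%d\nchain_length=%d\nclient_ca_names=%s\n", connected, chain, ca
            printf "protocol=%s\ncipher=%s\nverify_code=%s\n", proto, cipher, verify
        }'
}

# check_listener PROTOCOL "CIPHER ..." < s_client-output
# Succeeds only if the chain verified and the negotiated protocol and cipher
# are the ones the broker configuration allows.
check_listener() {
    summary=$(summarize_s_client)
    get() { printf '%s\n' "$summary" | sed -n "s/^$1=//p"; }
    [ "$(get connected)" = 1 ]   || { echo "FAIL: no connection"; return 1; }
    [ "$(get verify_code)" = 0 ] || { echo "FAIL: verify code $(get verify_code)"; return 1; }
    [ "$(get protocol)" = "$1" ] || { echo "FAIL: protocol $(get protocol)"; return 1; }
    case " $2 " in
        *" $(get cipher) "*) echo "OK: $(get protocol) $(get cipher), chain of $(get chain_length)" ;;
        *) echo "FAIL: cipher $(get cipher) not in configured list"; return 1 ;;
    esac
}

# Protocol and cipher list as posted in rabbitmq.config.
sample_output | check_listener TLSv1.2 "ECDHE-ECDSA-AES256-SHA384 ECDH-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDH-RSA-AES128-SHA256"
```

Against a live broker, pipe the real command's output into `check_listener` in place of `sample_output`.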

