Using RabbitMQ Client With ASP.NET v4.0 website application - AMQPS connection

[Abdel-karim Ajami]

Hello,

I appreciate please if you can help me with the following:

- I already have a website application developed using ASP.NET v4.0 and I am using visual studio.

- I would like to connect to a remote webservice where the provider gave me the following URL: "amqps://hostname:5671"

       - He also gave me a client certificate

I need to know first which RabbitMQClient.dll file (which version) to use according with ASP.NET v 4.0 and how to create amqps connection?

I highly appreciate your kind feedback.

Best Regards,

Abdel-karim

[Michael Klishin]

Modern RabbitMQ .NET client (4.x, 5.x) releases require .NET 4.6.2 or .NET Core. IIRC 3.6.x runs on 4.5.1.

Please install the package from NuGet [1].

I'd recommend taking a look at at least tutorial 1 [2] and [3] to understand what will be discussed

in the .NET client guide [4] or TLS guide [5]. In [5] you can safely skip the server setup parts,

since that and even client certificate generation is done by your provider.

In [4], Connecting to a Broker mentions how to do it with a URI. [5] has a link to a TLS Troubleshooting

guide that covers how client connection can be established using OpenSSL command line tools

to compare to your app in case you are running into TLS alerts (exceptions). Hopefully you don't need it.

HTH.

1. https://www.nuget.org/packages/RabbitMQ.Client

2. http://www.rabbitmq.com/tutorials/tutorial-one-dotnet.html

3. http://www.rabbitmq.com/tutorials/amqp-concepts.html

4. http://www.rabbitmq.com/dotnet-api-guide.html

5. http://www.rabbitmq.com/ssl.html

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

[Abdel-karim Ajami]

Dear Michael,

Thank you for your kind help.

After doing things similar to what is described in the links above. I did some coding in visual studio as follows:

          string certPath ="C:\\Users\\mahmoud\\Documents\\Visual Studio 2010\\WebSites\\Website1\\MyCert.cer";

            X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);

           

                      

            ConnectionFactory factory = new ConnectionFactory();

           

            Uri link=new Uri(@"amqps://hostname:5671"); // where hostname is the broker host name

            factory.uri = link;

            factory.Ssl.Enabled = true;

            

            factory.Ssl.CertPath = certPath;

            factory.Ssl.CertPassphrase = passwd; // the string variable passwd stores my password

            

            factory.Ssl.Certs = new X509CertificateCollection(new X509Certificate[] { cert });       

                 IConnection conn = null;

                conn=factory.CreateConnection();

But then I get the following result in a log file that stores the exception:

RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable ---> System.IO.IOException: connection.start was never received, likely due to a network timeout

   at RabbitMQ.Client.Framing.Impl.Connection.StartAndTune()

   at RabbitMQ.Client.Framing.Impl.Connection.Open(Boolean insist)

   at RabbitMQ.Client.Framing.Impl.Connection..ctor(IConnectionFactory factory, Boolean insist, IFrameHandler frameHandler)

   at RabbitMQ.Client.Framing.Impl.ProtocolBase.CreateConnection(IConnectionFactory factory, Boolean insist, IFrameHandler frameHandler)

   at RabbitMQ.Client.ConnectionFactory.CreateConnection()

   --- End of inner exception stack trace ---

   at RabbitMQ.Client.ConnectionFactory.CreateConnection()

   at RabbitMQListener.getMessage() in c:\Users\me\Documents\Visual Studio 2010\WebSites\Website1\App_Code\RabbitMQListener.cs:line 66

After a lot of searching without any useful result, I went to the option of troubleshooting TLS connection using openssl where I have already from the brocker the following:

1- Certificate file

2- password (private key) as a string

3- link : amqps://BrokerHostName:5671

as described on https://www.rabbitmq.com/troubleshooting-ssl.html:

openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem \
  -CAfile testca/cacert.pem

However, it is not clear how to use a text password in my case and where should I include my certificate; is it -cert or -CAfile?

I appreciate your kind assistance.

Best Regards,

Abdel-Karim

--
You received this message because you are subscribed to a topic in the Google Groups "rabbitmq-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rabbitmq-users/ArqoLzJE-4c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.

[Michael Klishin]

See server logs for more details. Was RabbitMQ configured to use TLS? Obscure timeouts

is actually a common scenario when one end of the connection is configured to use TLS and thus awaits

TLS upgrade on a successful TCP connection but the other peer isn't and thus never sends it.

[Abdel-karim Ajami]

Michael,

Unfortunately, I do not have access to the server logs. I just have the information mentioned below including the broker link, client certificate file and password (private key) to be used with the certificate.

I already used the certificate earlier for https connection on another link. But with RabbitMQ I am not able to connect to the brocker.

You may check the output when you use the following command:

OpenSSL> s_client -connect publish.preops.nm.eurocontrol.int:5671 -showcerts

I appreciate any proposal to debug this problem. Is there an easier way to test my connection to the brocker??

Best Regards,

Best Regards,

Abdel-karim

Best Regards,

Abdel-Karim

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.

To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

--
You received this message because you are subscribed to a topic in the Google Groups "rabbitmq-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rabbitmq-users/ArqoLzJE-4c/unsubscribe.

To unsubscribe from this group and all its topics, send an email to rabbitmq-user...@googlegroups.com.

To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.

To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael Klishin]

There isn't much to setting up .NET client with TLS [1].

It's very unfortunate that you don't have access to server logs as that's incredibly important.

Please clarify with whoever provided you with this certificate what format it is in.

RabbitMQ, OpenSSL tools assume a PEM format. .NET uses PKCS#12 format

(which [1] mentions). As I mentioned earlier (probably in another thread on this very list),

chances are you have a a DER certificate

and so far there's evidence that at least some tools reject your certificate.

Please do engage the party that provided the certificate file. Converting a copy of it to PEM

should make it possible to use OpenSSL debugging tools.

1. http://www.rabbitmq.com/ssl.html

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Abdel-karim Ajami]

Thank you Michael, I will check with them.

Best Regards,

Abdel-karim

To unsubscribe from this group and all its topics, send an email to rabbitmq-users+unsubscribe@googlegroups.com.

[Abdel-karim Ajami]

Dear Michael,

Thank you again for the info.

I just wanted to mention that I missed to say that the broker provided me the following certificate (name.format) : something_openssl.p12

Also, the broker uses amqp 1.0, so is this the same from client perspective? Can I use the RabbitMQ.Client 5.0.1 NuGet package? Because whenever I use the following code:

factory.Protocol = Protocols.AMQP_0_9_1;

There is no other option than AMQP_0_9_1. Thus I do not use this line to set the protocol given that I learned that AMQP_0_9_1 is different from AMQP 1.0.

I appreciate your kind feedback please.

Best Regards,

Abdel-karim

On Mon, Oct 16, 2017 at 11:42 PM, Michael Klishin <mkli...@pivotal.io> wrote:

To unsubscribe from this group and all its topics, send an email to rabbitmq-users+unsubscribe@googlegroups.com.

[Michael Klishin]

RabbitMQ .NET client implements AMQP 0-9-1, which IS NOT a different version of AMQP 1.0. They are completely different protocols,

despite the name (yes, really — we have implemented both).

You need an AMQP 1.0 client if the server uses AMQP 1.0.

To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.

To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Abdel-karim Ajami]

Aha, thank you!

So is there amqp 1.0 client for .NET? so that I can use it in visual studio.

Best Regards,

Abdel-karim

[Michael Klishin]

https://www.google.com/search?q=.NET+AMQP+1.0+client