EXTERNAL login refused: user 'CN=myhostname' - invalid credentials


Vimala M

Oct 9, 2023, 3:14:57 PM
to rabbitmq-users
Hi Team,
Below are my RabbitMQ version and configuration. When I use client certificate authentication, I get the error "EXTERNAL login refused: user 'CN=myhostname' - invalid credentials", even though I added that user in the RabbitMQ management console.


Versions: RabbitMQ 3.12.0, Erlang 25.3

RabbitMQ config:

[
 {ssl, [{versions, ['tlsv1.2']}]},
 {rabbit, [
   {ssl_listeners, [8756]},
   {auth_mechanisms, ['EXTERNAL', 'PLAIN', 'AMQPLAIN']},
   %% The username is taken from the client certificate's distinguished name
   {ssl_cert_login_from, distinguished_name},
   {ssl_options, [
     {cacertfile, "C:\\Program Files (x86)\\SiPass integrated\\openssl\\ca_certificate.pem"},
     {certfile, "C:\\Program Files (x86)\\SiPass integrated\\openssl\\server_certificate.pem"},
     {keyfile, "C:\\Program Files (x86)\\SiPass integrated\\openssl\\server_key.pem"},
     %% Require and verify a client certificate
     {verify, verify_peer},
     {fail_if_no_peer_cert, true}
   ]}
 ]}
].
When I try to connect with the .NET client, I get the exception below in the RabbitMQ log:
EXTERNAL login refused: user 'CN=myhostname' - invalid credentials
Could you please help me with that?

Luke Bakken

Oct 9, 2023, 7:04:34 PM
to rabbitmq-users
Hello,

What is the full output of this command?

rabbitmqctl list_users

Thanks,
Luke

Vimala M

Oct 10, 2023, 12:46:54 AM
to rabbitmq-users
Hi Luke,
Please find the output of the rabbitmqctl list_users command.

user    tags
SiPass Root CA  [administrator]
APIUSER [administrator]
INCHN37451WSPR  [administrator]

Vimala M

Oct 10, 2023, 4:32:58 AM
to rabbitmq-users
And below is my .NET Framework 4.8 test client:

// Namespaces used: RabbitMQ.Client, System.Net.Security,
// System.Security.Authentication, System.Windows.Forms
string hostName = System.Net.Dns.GetHostEntry("").HostName;
var userName = hostName;
MessageBox.Show("new authentication success" + userName);
var factory = new ConnectionFactory
{
    HostName = hostName,
    VirtualHost = hostName,
    // VirtualHost = "/",
    Port = 8756,
    // Offer only the EXTERNAL (client certificate) mechanism
    AuthMechanisms = new IAuthMechanismFactory[] { new ExternalMechanismFactory() },
    UserName = userName,
    Ssl = new SslOption
    {
        Enabled = true,
        ServerName = userName,
        Version = SslProtocols.Tls11 | SslProtocols.Tls12 | SslProtocols.Tls13,
        // Accepts server certificates with a name mismatch or chain errors
        AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch |
                                 SslPolicyErrors.RemoteCertificateChainErrors,
        CertPath = @"C:\Program Files\OpenSSL-Win64\bin\client.pfx",
        CertPassphrase = ""
    }
};

connection = factory.CreateConnection();

Luke Bakken

Oct 10, 2023, 11:52:15 AM
to rabbitmq-users
You have not created a user with the following name:

CN=myhostname

When you use X509 certificate authentication, the user still must exist in RabbitMQ's internal database (or other auth provider if you have configured one).

Thanks,
Luke

Vimala M

Oct 11, 2023, 1:15:31 AM
to rabbitmq-users
Hi Luke,
Thanks for your reply.

No, I had already created the username INCHN37451WSPR in the RabbitMQ management console. For the issue description I renamed it to myhostname, but my actual hostname is INCHN37451WSPR.

Anyhow, I am still facing the issue.
EXTERNAL login refused: user 'CN=INCHN37451WSPR' - invalid credentials

Could you please help?


Luke Bakken

Oct 11, 2023, 11:34:27 AM
to rabbitmq-users
You must create a user with this exact username:

CN=INCHN37451WSPR

The "CN=" is significant. This is exactly what the error message is telling you.
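
A diagnostic for the mismatch described in this thread, as an added example that is not part of the original posts: it takes the refused username from the broker log and checks it against `rabbitmqctl list_users` output. The log lines and user list are constructed samples modelled on the thread, and the function names are hypothetical.

```python
import re

# Constructed sample inputs modelled on the thread (not captured output).
LOG = """\
2023-10-11 06:40:12.101 [info] <0.812.0> accepting AMQP connection (10.0.0.5:50112 -> 10.0.0.5:8756)
2023-10-11 06:40:12.140 [error] <0.812.0> EXTERNAL login refused: user 'CN=INCHN37451WSPR' - invalid credentials
"""
USERS = ("user\ttags\n"
         "SiPass Root CA\t[administrator]\n"
         "APIUSER\t[administrator]\n"
         "INCHN37451WSPR\t[administrator]\n")

REFUSED = re.compile(r"EXTERNAL login refused: user '(?P<user>.*)' - invalid credentials")
USER_ROW = re.compile(r"^(?P<user>.+?)\s+\[(?P<tags>[^\]]*)\]\s*$")

def refused_usernames(log_text):
    """Usernames the broker derived from client certificates and then refused."""
    return [m.group("user") for m in REFUSED.finditer(log_text)]

def parse_users(list_users_output):
    """Usernames from `rabbitmqctl list_users`; names may contain spaces."""
    rows = (USER_ROW.match(line) for line in list_users_output.splitlines())
    return {m.group("user") for m in rows if m}

def diagnose(refused, users):
    """Compare one refused username against the users that exist."""
    if refused in users:
        return "exists"  # the name matches, so the refusal has another cause
    # Split the DN on unescaped commas and collect each attribute value.
    values = {rdn.split("=", 1)[1]
              for rdn in re.split(r"(?<!\\),", refused) if "=" in rdn}
    near = sorted(values & users)
    if near:
        return f"missing: user {near[0]!r} exists, but the broker looks up {refused!r}"
    return f"missing: no user named {refused!r}"

if __name__ == "__main__":
    users = parse_users(USERS)
    for name in refused_usernames(LOG):
        print(diagnose(name, users))
```
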
