RabbitMQ SSL keyfile badmatch


RabbiFannatic

Jun 26, 2015, 5:14:59 PM
to rabbitm...@googlegroups.com
When trying to run


openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem \
  -CAfile testca/cacert.pem


I get

31440:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/evp/evp_enc.c:330:
31440:error:0906A065:PEM routines:PEM_do_header:bad decrypt:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/pem/pem_lib.c:428:


and this in my RabbitMQ log


=ERROR REPORT==== 26-Jun-2015::16:07:30 ===
Error on AMQP connection <0.5321.0>:
{ssl_upgrade_error,
    {keyfile,
        {badmatch,
            {error,
                {asn1,
                    {wrong_tag,
                        {{expected,16},
                         {got,65559,
                             {65559,
                              <<189,161,93,22,250,37,208,24,41,66,94,
                                143,143,45,8,23,53,130,17,97>>}}}}}}}}}

Michael Klishin

Jun 26, 2015, 5:34:15 PM
to RabbiFannatic, rabbitm...@googlegroups.com
What versions of Erlang and OpenSSL do you have?

MK
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.

RabbiFannatic

Jun 26, 2015, 5:54:00 PM
to rabbitm...@googlegroups.com
Erlang 17 
openssl version
OpenSSL 0.9.8zd 8 Jan 2015

Michael Klishin

Jun 26, 2015, 6:03:34 PM
to RabbiFannatic, rabbitm...@googlegroups.com
Try 17.5. This is a TLS implementation issue but hard to tell on which end. Worth asking on erlang-questions; please provide some details about your key (e.g. openssl x509 -text output or similar).

MK

RabbiFannatic

Jun 26, 2015, 6:18:19 PM
to rabbitm...@googlegroups.com
I get this



unable to load Private Key
41186:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/evp/evp_enc.c:330:
41186:error:0906A065:PEM routines:PEM_do_header:bad decrypt:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/pem/pem_lib.c:428:

when I run this

openssl rsa -in key.pem -check

Michael Klishin

Jun 26, 2015, 6:43:47 PM
to RabbiFannatic, rabbitm...@googlegroups.com
That looks like an openssl problem. Try a different version on another machine, for example.

MK

Michael Klishin

Jun 26, 2015, 6:51:27 PM
to rabbitm...@googlegroups.com, RabbiFannatic
 On 27 June 2015 at 01:18:21, RabbiFannatic (rmar...@gmail.com) wrote:
> unable to load Private Key
> 41186:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/evp/evp_enc.c:330:
> 41186:error:0906A065:PEM routines:PEM_do_header:bad decrypt:/SourceCache/OpenSSL098/OpenSSL098-52.20.2/src/crypto/pem/pem_lib.c:428:
>
> when I run this
>
> openssl rsa -in key.pem -check

Besides trying a different openssl version on another machine,
consider trying another pair of keys, e.g. generated with tls-gen [1], just
to narrow down if it is an openssl or certificate issue.

1. https://github.com/michaelklishin/tls-gen/
--
MK

Staff Software Engineer, Pivotal/RabbitMQ
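
One way to narrow down a key-file problem like the one discussed above is to check how the private key is stored: the PEM_do_header "bad decrypt" error is what OpenSSL reports when it fails to decrypt a passphrase-protected PEM body. The script below is an added example, not part of the original thread; the function names (classify_pem_key, pem_cipher, make_samples) and the sample files are constructed for illustration and contain no real key material.

```sh
#!/bin/sh
# classify_pem_key FILE: print how the private key in FILE is stored.
# Reads only the PEM armor and RFC 1421 headers; it needs no passphrase
# and never parses the key material.
classify_pem_key() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 2; }
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo pkcs8-encrypted          # encryption parameters are inside the DER
    elif grep -Eq '^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----' "$f"; then
        # Traditional format: encryption is signalled by PEM headers.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo traditional-encrypted
        else
            echo traditional-plain
        fi
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo pkcs8-plain
    else
        echo not-a-private-key
        return 1
    fi
}

# pem_cipher FILE: print the cipher named in the DEK-Info header, if any.
pem_cipher() {
    sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$1" | head -n 1
}

# make_samples DIR: write constructed PEM files (dummy bodies, not real keys).
make_samples() {
    d=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/plain.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/p8enc.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cert.pem"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for k in enc plain p8enc cert; do
    printf '%-6s %s %s\n' "$k" "$(classify_pem_key "$tmp/$k.pem" || :)" \
        "$(pem_cipher "$tmp/$k.pem")"
done
rm -rf "$tmp"
```

A key reported as traditional-encrypted or pkcs8-encrypted can only be loaded by a tool or server that is given the matching passphrase.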


RabbiFannatic

Jun 26, 2015, 7:14:53 PM
to rabbitm...@googlegroups.com
I have the same version of OpenSSL on another machine and it works fine.

