RabbitMQ Producer over SSL in C#
388 views
Skip to first unread message
Hulkstance
Oct 23, 2022, 5:37:01 PM10/23/22
to rabbitmq-users
I'm trying to convert the following RabbitMQ Producer over SSL code from Python to C#. I'm not sure how I can specify all these configurations for the certificates. How do I do that? There are chain certificates (3 files in total) that I'm not sure there are options for.
## Python
```py
context = ssl.create_default_context(cafile="./ca.pem")
context.load_cert_chain("./cp_certificate.pem", "./cp_key.pem")
ssl_options = pika.SSLOptions(context, "localhost")
credential = pika.PlainCredentials('rabbitmq', 'rabbitmq!QAZ')
conn_params = pika.ConnectionParameters(host="90.44.213.24", port=5671, ssl_options=ssl_options, credentials=credential, virtual_host='op_vhost')
connection = pika.BlockingConnection(conn_params)
channel = connection.channel()
channel.basic_publish(exchange='custom_flow', routing_key='custom_routing', body='body', mandatory=True)
```
## Current C# code
```cs
using System.Text;
using System.Text.Json;
using RabbitMQ.Client;
var factory = new ConnectionFactory
{
HostName = "localhost",
Port = 5671,
Ssl = new SslOption
{
Enabled = true,
ServerName = "localhost"
}
};
using var connection = factory.CreateConnection();
using var channel = connection.CreateModel();
channel.ExchangeDeclare("custom_flow", ExchangeType.Direct, arguments: null);
var count = 0;
while (true)
{
var message = new
{
Name = "Producer",
Message = $"Hello! Count: {count}"
};
var body = Encoding.UTF8.GetBytes(JsonSerializer.Serialize(message));
channel.BasicPublish("custom_flow", "custom_routing", null, body);
count++;
Console.WriteLine($"Sent message: {message}");
Thread.Sleep(1000);
}
```
## Python
```py
context = ssl.create_default_context(cafile="./ca.pem")
context.load_cert_chain("./cp_certificate.pem", "./cp_key.pem")
ssl_options = pika.SSLOptions(context, "localhost")
credential = pika.PlainCredentials('rabbitmq', 'rabbitmq!QAZ')
conn_params = pika.ConnectionParameters(host="90.44.213.24", port=5671, ssl_options=ssl_options, credentials=credential, virtual_host='op_vhost')
connection = pika.BlockingConnection(conn_params)
channel = connection.channel()
channel.basic_publish(exchange='custom_flow', routing_key='custom_routing', body='body', mandatory=True)
```
## Current C# code
```cs
using System.Text;
using System.Text.Json;
using RabbitMQ.Client;
var factory = new ConnectionFactory
{
HostName = "localhost",
Port = 5671,
Ssl = new SslOption
{
Enabled = true,
ServerName = "localhost"
}
};
using var connection = factory.CreateConnection();
using var channel = connection.CreateModel();
channel.ExchangeDeclare("custom_flow", ExchangeType.Direct, arguments: null);
var count = 0;
while (true)
{
var message = new
{
Name = "Producer",
Message = $"Hello! Count: {count}"
};
var body = Encoding.UTF8.GetBytes(JsonSerializer.Serialize(message));
channel.BasicPublish("custom_flow", "custom_routing", null, body);
count++;
Console.WriteLine($"Sent message: {message}");
Thread.Sleep(1000);
}
```
Luke Bakken
Oct 24, 2022, 1:29:15 PM10/24/22
to rabbitmq-users
Hello,
Did you see my response here? https://stackoverflow.com/questions/74132165/rabbitmq-producer-over-ssl-in-c-sharp
"
Note that on Windows you will install your CA certificate into one of the Root stores on the machine"
Have you done the above step?
I also asked if you're trying to use client certificate authentication. Are you?
Other questions:
- Have you configured RabbitMQ for TLS and verified that your configuration is correct? https://www.rabbitmq.com/troubleshooting-ssl.html
- What specific errors are you seeing with your C# client?
- What does RabbitMQ log when you try to run your client?
Thanks -
Luke
Luke
cveto
Oct 27, 2022, 4:02:38 PM10/27/22
to rabbitmq-users
@luker how come clients are so different between Python and .NET?
I am using .NET but not on Windows, what do I do?
I don't want to write scripts to install certs into some certificate stores in order to make my program runnable, how do I do that?
Luke Bakken
Oct 28, 2022, 9:55:34 AM10/28/22
to rabbitmq-users
Answers inline...
readonly openssl_store_dir='/usr/lib/ssl/certs'
readonly ca_certificate_file='ca_certificate.pem'
readonly local_ssl_dir='/path/to/my/certs'
cp "$local_ssl_dir/$ca_certificate_file" "$openssl_store_dir"
ln -s "$openssl_store_dir/$ca_certificate_file" "$openssl_store_dir/$(openssl x509 -hash -noout -in $openssl_store_dir/$ca_certificate_file).0"
On Thursday, October 27, 2022 at 1:02:38 PM UTC-7 cveto wrote:
@luker how come clients are so different between Python and .NET?
Because the underlying runtime is different. We obviously have no control over that.
I am using .NET but not on Windows, what do I do?I don't want to write scripts to install certs into some certificate stores in order to make my program runnable, how do I do that?
Yes, you will have to install certs into a certificate store, or else develop your own verification like this -
The general idea is to create your own X509 chain using the on-disk certs and verify the incoming certificate.
Really, the easiest way is to install your own root CA cert into the system store. Here is how we do it for the TLS-enabled RabbitMQ .NET client tests on Linux, which use a Debian docker container:
readonly ca_certificate_file='ca_certificate.pem'
readonly local_ssl_dir='/path/to/my/certs'
cp "$local_ssl_dir/$ca_certificate_file" "$openssl_store_dir"
ln -s "$openssl_store_dir/$ca_certificate_file" "$openssl_store_dir/$(openssl x509 -hash -noout -in $openssl_store_dir/$ca_certificate_file).0"
Thanks,
Luke
Reply all
Reply to author
Forward
0 new messages