TLS + Rabbitmq + MQTT


Le Anh

Sep 17, 2021, 7:15:35 AM
to rabbitmq-users

Hi, I have an issue. I configured RabbitMQ with /etc/rabbitmq/rabbit.conf and added the MQTT plugin.
In rabbitmq.conf I configured:

mqtt.listeners.tcp.1 = 8883

mqtt.listeners.tcp.default = 1883

ssl_options.cacertfile = /etc/rabbitmq/tls-gen/basic/result/ca_certificate.pem
ssl_options.certfile = /etc/rabbitmq/tls-gen/basic/result/server_certificate>
ssl_options.keyfile = /etc/rabbitmq/tls-gen/basic/result/server_key.pem

ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true

I want to use MQTT over TLS on port 8883.
But on the client I use MQTTBox and MQTTfx, and I can't connect to the MQTT server (RabbitMQ, port 8883).
Can you help me with that?
On my server I added: ca_certificate.pem, client_

Michal Kuratczyk

Sep 17, 2021, 8:06:41 AM
to rabbitm...@googlegroups.com
Hi,

I think what you want is:
mqtt.listeners.ssl.default = 8883


--
Michał
RabbitMQ team

Le Anh

Sep 17, 2021, 8:20:20 AM
to rabbitm...@googlegroups.com
Sorry, I made a typing error; in my config it is ssl = 8883, not tcp. On the client I use MQTT and added 3 certs, but it is not working. Can you help me?

On Fri, Sep 17, 2021 at 19:06, Michal Kuratczyk <mkura...@gmail.com> wrote:

Michal Kuratczyk

Sep 17, 2021, 8:37:47 AM
to rabbitm...@googlegroups.com
You didn't explain what "not working" means. Can you connect on the TCP level but TLS doesn't work? 

Check `rabbitmqctl cluster_status` to see if the MQTT listeners are there.
Check the logs if there is anything there.
If the listeners are enabled but you get connection refused or timeouts - probably the problem is on the network level, not RabbitMQ.

If neither helps - provide us with some data (commands you run, output, errors) to work with. We can't help much otherwise.



--
Michał

Le Anh

Sep 17, 2021, 9:04:54 AM
to rabbitmq-users
I use RabbitMQ version 3.8.3.

I use tls-gen to generate certificates; my output:
ca_certificate.pem     client_certificate.pem  server_certificate.pem  srv.crt
ca_certificate.srl        client_key.p12          server_key.p12          srv.csr
ca_key.pem                 client_key.pem          server_key.pem          srv.key

I ran the command rabbitmqctl cluster_status; output:

Node: rabbit@241-Automation-Test, interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Node: rabbit@241-Automation-Test, interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Node: rabbit@241-Automation-Test, interface: [::], port: 15672, protocol: http, purpose: HTTP API
Node: rabbit@241-Automation-Test, interface: [::], port: 1883, protocol: mqtt, purpose: MQTT
Node: rabbit@241-Automation-Test, interface: [::], port: 8883, protocol: mqtt/ssl, purpose: MQTT over TLS

Feature flags

Flag: drop_unroutable_metric, state: disabled
Flag: empty_basic_get_metric, state: disabled
Flag: implicit_default_bindings, state: enabled
Flag: quorum_queue, state: enabled
Flag: virtual_host_metadata, state: enabled

In my MQTT client (I use mqttfx) I added the CA file ca_certificate.pem and then connected, but got this error:

2021-09-17 20:04:21,688 ERROR --- MqttFX ClientModel             : Please verify your Settings (e.g. Broker Address, Broker Port & Client ID) and the user credentials!
org.eclipse.paho.client.mqttv3.MqttException: MqttException
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:715) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) ~[?:1.8.0_181]
at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:1.8.0_181]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(Unknown Source) ~[?:1.8.0_181]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) ~[?:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_181]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_181]
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[?:1.8.0_181]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[?:1.8.0_181]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_181]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_181]
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:108) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?]
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:701) ~[org.ec

On Friday, September 17, 2021 at 19:37:47 UTC+7, mkura...@gmail.com wrote:

Le Anh

Sep 18, 2021, 4:01:14 AM
to rabbitm...@googlegroups.com
I found the reason:
chmod 777 on the directory and all certificate files -> it's running
I will close the issue!

On Fri, Sep 17, 2021 at 20:05, Le Anh <levanta...@gmail.com> wrote:
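
The thread ends with a file-permission change as the fix. As an added example (not from the thread or from the RabbitMQ project), the script below audits the modes of the files that `ssl_options.*` points at: the broker's OS account, assumed here to be `rabbitmq`, has to be able to read them, while the private key and its directory should not be writable or readable by every local user. The function names and the `kind:path` argument format are this example's own.

```shell
#!/bin/sh
# Added example: audit modes on the files referenced by ssl_options.* .
# Assumption: the broker runs as the OS account "rabbitmq".

# Last three characters of the ls mode string = permissions for "other".
other_perms() { ls -ld -- "$1" | cut -c8-10; }

# classify PATH KIND   (KIND is key, cert or dir)
# Prints: ok | world-writable | key-world-readable | missing
classify() {
    [ -e "$1" ] || { echo missing; return 0; }
    case "$(other_perms "$1")" in
        ?w?) echo world-writable ;;       # any local user can replace it
        r??) if [ "$2" = key ]; then echo key-world-readable; else echo ok; fi ;;
        *)   echo ok ;;
    esac
}

# readable_by USER PATH: can USER open PATH? Needs sudo rights; run as root.
readable_by() { sudo -n -u "$1" test -r "$2"; }

# audit KIND:PATH ...  Prints one line per path, returns 1 on any finding.
audit() {
    rc=0
    for spec in "$@"; do
        kind=${spec%%:*}
        path=${spec#*:}
        res=$(classify "$path" "$kind")
        printf '%-20s %s\n' "$res" "$path"
        [ "$res" = ok ] || rc=1
    done
    return "$rc"
}

# Usage with the thread's tls-gen directory (run on the broker host):
#   audit dir:/etc/rabbitmq/tls-gen/basic/result \
#         key:/etc/rabbitmq/tls-gen/basic/result/server_key.pem
#   readable_by rabbitmq /etc/rabbitmq/tls-gen/basic/result/server_key.pem
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

A key at mode 0640 in a 0750 directory passes `audit`; `readable_by` then confirms that the ownership or group actually gives the broker account access.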