windows - Unable to connect to RabbitMq broker using the pkcs12 file

Post by Hanne Mølgaard Plasc

Problem



I posted an earlier question here last week.


On the machine I was using, I was able to get it to run correctly. Having done the setup on another machine, however, I have gotten past everything, but when I connect to the RabbitMq broker with a .NET client program, it fails on the pkcs12 file, saying it is badly formatted.


I have regenerated this file a couple of times now, making sure that I use the client and server .pem files respectively, still to no avail.


In the troubleshooting link here, all the tests pass completely. [16]


Environment:



  Erlang 19.1

  
  RabbitMq 3.6.6

  
  Windows Server 2012 R2



My RabbitMq config file:


[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"C:\rabbitcerts\testca\cacert.pem"},
                    {certfile,"C:\rabbitcerts\server\cert.pem"},
                    {keyfile,"C:\rabbitcerts\server\key.pem"},
                    {depth, 2},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].


Running this command:



  openssl s_client -connect mitvs-atm01:5671 -tls1 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem



Results in success:


CONNECTED(00000130)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = mitvs-atm01, O = server
verify return:1
---
Certificate chain
 0 s:/CN=mitvs-atm01/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
Server certificate
subject=/CN=mitvs-atm01/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
Client Certificate Types: RSA sign
---
SSL handshake has read 1672 bytes and written 2269 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: BD57EFDA3213AA48076CDB95E4EB60A79224B604F3C491CD0BB3D15700A3AC50
    Session-ID-ctx:
    Master-Key: 08F6E2B22EC7EB1FCBAB99A730F6301732FA56CB83F4E9DB4546DC27591E271A67C115510EBECFBFDA1BCFE47DF49627
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1485370174
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)


After a successful connection, I created the keycert.p12 files in each of the client and server directories based on the relevant .pem files.


My client code:


_busControl = Bus.Factory.CreateUsingRabbitMq(x =>
{
    var host = x.Host(new Uri(_rabbitHost), h =>
    {
        h.Username(UserName);
        h.Password(Password);
        h.UseSsl(s =>
        {
            s.ServerName = SslHostName;
            s.CertificatePath = @"clientkeycert.p12";
            s.CertificatePassphrase = SslPassphrase;
            s.Protocol = SslProtocols.Tls;
        });
    });

    x.ReceiveEndpoint(host, _imageExamEndpoint,
        e => { e.Consumer<UploadImageExamRequestConsumer>(); });

    x.ReceiveEndpoint(host, _worklistEndpoint,
        e => { e.Consumer<WorklistRequestConsumer>(); });
});


This works fine on the other machine, but on the new machine we are setting up, we get the following error:


RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
   --- End of inner exception stack trace ---
   at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
   --- End of inner exception stack trace ---
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IList`1 hostnames, String clientProvidedName)
   at MassTransit.RabbitMqTransport.Integration.RabbitMqConnectionCache.SendUsingNewConnection(IPipe`1 connectionPipe, ConnectionScope scope, CancellationToken cancellationToken)

Connect failed: admin@mitvs-atm01:5671/
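
To separate a genuinely malformed keycert.p12 from a TLS handshake failure like the SSPI error above, the bundle can be checked offline against the CA file the broker trusts. This is an added example, not part of the original posts; the function names, passphrase and sample certificate are constructed, and it assumes a POSIX shell with the `openssl` CLI.

```shell
#!/bin/sh
# Added example (constructed names and sample data; not from the original post).

# check_p12 FILE PASSPHRASE CAFILE
#   0 = bundle parses, key matches certificate, certificate chains to CAFILE
#   1 = not a readable PKCS#12 file for this passphrase
#   2 = private key does not belong to the client certificate
#   3 = client certificate is not issued by the CA in CAFILE
check_p12() {
    p12=$1; pass=$2; ca=$3
    tmp=$(mktemp) || return 1
    # Parse only; a truncated file or a wrong passphrase fails here.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -noout 2>/dev/null \
        || { rm -f "$tmp"; return 1; }
    # Extract the client certificate, then compare its public key with the
    # public key derived from the bundled private key.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys 2>/dev/null \
        | openssl x509 > "$tmp" 2>/dev/null
    cert_pub=$(openssl x509 -in "$tmp" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    rc=0
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        rc=2
    # With verify_peer, the broker's cacertfile decides whether the
    # certificate is accepted, so check the chain against that file.
    elif ! openssl verify -CAfile "$ca" "$tmp" 2>/dev/null | grep -q ': OK$'; then
        rc=3
    fi
    rm -f "$tmp"
    return $rc
}

# make_sample DIR PASSPHRASE
# Builds a constructed self-signed client identity and its .p12 for the demo.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$1/keycert.p12" -passout "pass:$2"
}
```

A return of 0 for the real client bundle and testca/cacert.pem means the file is sound and the failure lies in the handshake, which is where the answer below found it.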

Best answer


Looking between my working version and my non-working version, the only thing that was different was my version of Erlang.


I upgraded my Windows Server 2012 R2 from Erlang 19.1 to Erlang 19.2, and it started successfully and listened securely.