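I am new to RabbitMQ. I enabled TLS for RabbitMQ locally. As part of that, I created the certificates on a WINDOWS machine (following the LINUX steps) as described at https://www.rabbitmq.com/ssl.html.
I also updated the rabbitMQ.config file as follows: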
[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile,"/etc/ca_certificate.pem"},
      {certfile,"/etc/private_key.pem"},
      {keyfile,"/etc/server_certificate.pem"},
      {password, "MySecretPassword"},
      {verify,verify_peer},
      {fail_if_no_peer_cert,true}
    ]}
  ]}
].
Steps to create the certificates on the WINDOWS machine:
Bash command prompt:
cd /C/temp/ThirdOne
mkdir testca
cd testca
mkdir certs private
chmod 700 private
echo 01 > serial
touch index.txt
Using the OpenSSL CMD:
openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out ca_certificate.pem -outform PEM -subj /CN=MyTestCA/ -nodes
openssl x509 -in ca_certificate.pem -out ca_certificate.cer -outform DER
mkdir server
cd server
openssl genrsa -out private_key.pem 2048
openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=desktop-s08pnk3/O=server/ -nodes
cd..
openssl ca -config openssl.cnf -in ./server/req.pem -out ./server/server_certificate.pem -notext -batch -extensions server_ca_extensions
openssl pkcs12 -export -out ./server/server_certificate.p12 -in ./server/server_certificate.pem -inkey ./server/private_key.pem -passout pass:MySecretPassword
mkdir client
cd client
openssl genrsa -out private_key.pem 2048
openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=desktop-s08pnk3/O=client/ -nodes
cd..
openssl ca -config openssl.cnf -in ./client/req.pem -out ./client/client_certificate.pem -notext -batch -extensions client_ca_extensions
openssl pkcs12 -export -out ./client/client_certificate.p12 -in ./client/client_certificate.pem -inkey ./client/private_key.pem -passout pass:MySecretPassword
On top of that, I installed the client certificate locally.
Note: my client and server are both just the local machine.
The code I use to connect to RabbitMQ:
private static void RabbitMQWithSSLEnable()
{
    try
    {
        string rabbitmqHostName = "desktop-s08pnk3";
        string rabbitmqServerName = "desktop-s08pnk3";
        string certificateFilePath = @"C:\temp\ThirdOne\client\client_certificate.pem";
        string certificatePassphrase = "MySecretPassword";
        string rabbitmqUsername = "test";
        string rabbitmqPassword = "test";
        var factory = new ConnectionFactory();
        factory.HostName = rabbitmqHostName;
        factory.UserName = rabbitmqUsername;
        factory.Password = rabbitmqPassword;
        //factory.Uri = new Uri("amqps://test:test@desktop-s08pnk3");
        factory.AuthMechanisms = new IAuthMechanismFactory[] { new ExternalMechanismFactory() };
        // Note: This should NEVER be "localhost"
        factory.Ssl.ServerName = rabbitmqServerName;
        // Path to my .p12 file.
        factory.Ssl.CertPath = certificateFilePath;
        // Passphrase for the certificate file - set through OpenSSL
        factory.Ssl.CertPassphrase = certificatePassphrase;
        factory.Ssl.Enabled = true;
        // Make sure TLS 1.2 is supported & enabled by your operating system
        factory.Ssl.Version = SslProtocols.Tls12;
        // This is the default RabbitMQ secure port
        factory.Port = AmqpTcpEndpoint.UseDefaultPort;
        factory.VirtualHost = "/";
        factory.Ssl.AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors | SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateNotAvailable;
        //System.Net.ServicePointManager.Expect100Continue = false;
        using (var connection = factory.CreateConnection())
        {
            using (var channel = connection.CreateModel())
            {
                // publish some messages...
            }
        }
    }
    catch (System.Exception ex)
    {
        var error = ex.ToString();
        System.Console.WriteLine(error);
    }
}
The code above throws this error:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
---> System.AggregateException: One or more errors occurred. (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..)
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_1(String arg1, X509CertificateCollection arg2, SslProtocols arg3, AsyncCallback callback, Object state)
at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2,TArg3](Func`6 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2,TArg3](Func`6 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2,TArg3](Func`6 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state)
at System.Net.Security.SslStream.AuthenticateAsClientAsync(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at RabbitMQ.Client.Impl.SslHelper.<>c__DisplayClass2_0.<TcpUpgrade>b__0(SslOption opts)
at RabbitMQ.Client.Impl.SslHelper.TcpUpgrade(Stream tcpStream, SslOption options)
at RabbitMQ.Client.Impl.SocketFrameHandler..ctor(AmqpTcpEndpoint endpoint, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
at RabbitMQ.Client.Framing.Impl.IProtocolExtensions.CreateFrameHandler(IProtocol protocol, AmqpTcpEndpoint endpoint, ArrayPool`1 pool, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
at RabbitMQ.Client.ConnectionFactory.CreateFrameHandler(AmqpTcpEndpoint endpoint)
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
--- End of inner exception stack trace ---
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
at RabbitMQ.Client.Framing.Impl.AutorecoveringConnection.Init(IEndpointResolver endpoints)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
--- End of inner exception stack trace ---
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection()
at RabbitMQ.Explore.Program.RabbitMQWithSSLEnable() in C:\Users\warke\source\repos\RabbitMQ.Explore\RabbitMQ.Explore\Program.cs:line 71
Can anyone help me solve this problem?
Thanks.
Here is what I have tried:
A) Enabled TLS in Internet Options. B) Enabled the port as well.
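@Team, for reference and questions:
Please check my repository for a working example; there you will be able to connect to RabbitMQ using SSL (TLS, mTLS). Repository link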
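
The ssl_options block in the question names private_key.pem under certfile and server_certificate.pem under keyfile. The following is an added example, not part of the original posts, that checks each ssl_options entry against the PEM block type its file actually contains. The function names, the read_file parameter and the sample file bodies are assumptions constructed for illustration.

```python
import re

# PEM block kind each ssl_options entry must point at.
EXPECTED = {"cacertfile": "CERTIFICATE", "certfile": "CERTIFICATE", "keyfile": "PRIVATE KEY"}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
OPTION = re.compile(r'\{\s*(cacertfile|certfile|keyfile)\s*,\s*"([^"]*)"\s*\}')

def pem_kinds(text):
    """Kinds of PEM blocks in text; every '... PRIVATE KEY' label counts as a key."""
    return ["PRIVATE KEY" if label.endswith("PRIVATE KEY") else label
            for label in PEM_LABEL.findall(text)]

def check_ssl_options(config_text, read_file):
    """Return one finding per option whose file lacks the expected PEM block."""
    findings = []
    for option, path in OPTION.findall(config_text):
        try:
            kinds = pem_kinds(read_file(path))
        except OSError as exc:
            findings.append(f"{option}: cannot read {path} ({exc.__class__.__name__})")
            continue
        if EXPECTED[option] not in kinds:
            found = ", ".join(kinds) or "no PEM block"
            findings.append(f"{option}: {path} holds {found}, expected {EXPECTED[option]}")
    return findings

# Constructed sample: the ssl_options from the question plus stand-in file bodies.
SAMPLE_CONFIG = '''
{ssl_options, [
  {cacertfile,"/etc/ca_certificate.pem"},
  {certfile,"/etc/private_key.pem"},
  {keyfile,"/etc/server_certificate.pem"}
]}
'''
CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_FILES = {  # constructed file contents keyed by the paths used in the config
    "/etc/ca_certificate.pem": CERT,
    "/etc/server_certificate.pem": CERT,
    "/etc/private_key.pem": KEY,
}

if __name__ == "__main__":
    for finding in check_ssl_options(SAMPLE_CONFIG, SAMPLE_FILES.__getitem__):
        print(finding)
```

To run it against a real broker configuration, pass `lambda p: open(p).read()` as read_file.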