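How do I connect with amqplib for Node using an SSL connection?

Question  Votes: 2  Answers: 2

I am trying to connect to my RabbitMQ server, which is forced to use SSL and is protected by a username and password. Previously, I have successfully connected to this server from C#, PHP and Python applications.

This is my node.js code: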

const amqp = require('amqplib');
const fs = require('fs');

const config = {...}

const opts = {
    ca: [fs.readFileSync(config.certificatePath)]
};

const url = `amqps://${config.username}:${config.password}@${config.hostname}:${config.port}`;

const open = amqp.connect(url, opts);

open.then(function(conn) {
    console.log('connected.');
}).then(null, console.warn);

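The error I get is: unable to get local issuer certificate

1) What does the error mean?

2) What do I need to do to connect?

Note: in the library's SSL guide it says "(must) supply an options object, which will be passed through to tls.connect()." I could not understand this instruction, and they do not have an example of using tls.connect() either. I tried a few variations but failed; maybe it will give someone here a clue.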

node.js ssl rabbitmq amqp
2 Answers

0 votes

You have your certificate path assigned to ca, and you are missing your cert and key.

var opts = {
  cert: certificateAsBuffer,      // client cert
  key: privateKeyAsBuffer,        // client key
  passphrase: 'MySecretPassword', // passphrase for key
  ca: [caCertAsBuffer]            // array of trusted CA certs
};

You can find a reference here.


0 votes

I tried this with amqplib version 0.5.3; here is my working example, src/amqplib-ssl-example.js

var fs = require('fs')
const path = require('path')

var opts = {
  cert: fs.readFileSync(path.resolve(__dirname, '../ssl/client/client_certificate.pem')),
  key: fs.readFileSync(path.resolve(__dirname, '../ssl/client/private_key.pem')),
  ca: [fs.readFileSync(path.resolve(__dirname, '../ssl/testca/ca_certificate_bundle.pem'))],
  rejectUnauthorized: false // connection proceeds even if the server certificate fails verification
}

var q = 'tasks'

function bail (err) {
  console.error(err)
  process.exit(1)
}

// Publisher
function publisher (conn) {
  conn.createChannel(onOpen)
  function onOpen (err, ch) {
    if (err != null) bail(err)
    ch.assertQueue(q)
    const msg = 'something to do'
    ch.sendToQueue(q, Buffer.from(msg))
    console.log('Publisher: ', msg)
  }
}

// Consumer
function consumer (conn) {
  conn.createChannel(onOpen)
  function onOpen (err, ch) {
    if (err != null) bail(err)
    ch.assertQueue(q)
    ch.consume(q, function (msg) {
      if (msg !== null) {
        console.log('Consumer: ', msg.content.toString())
        ch.ack(msg)
      }
    })
  }
}

require('amqplib/callback_api')
  .connect('amqps://guest:guest@localhost', opts, function (err, conn) {
    if (err != null) bail(err)
    consumer(conn)
    publisher(conn)
  })

When running this code with node src/amqplib-ssl-example.js, this is the output:

Publisher:  something to do
Consumer:  something to do

The RabbitMQ server logs the following messages, where you can see that the connection is made over SSL.

rabbitmq_1  | 2019-03-24 00:05:41.579 [info] <0.431.0> started TLS (SSL) listener on [::]:5671
...
rabbitmq_1  | 2019-03-24 00:23:35.938 [info] <0.518.0> accepting AMQP connection <0.518.0> (192.168.96.1:45014 -> 192.168.96.2:5671)
rabbitmq_1  | 2019-03-24 00:23:35.949 [info] <0.518.0> connection <0.518.0> (192.168.96.1:45014 -> 192.168.96.2:5671): user 'guest' authenticated and granted access to vhost '/'

For your information, I generated the certificates for this example manually by following these instructions:

https://www.rabbitmq.com/ssl.html#manual-certificate-generation
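
An added example, not part of the original question or answers: "unable to get local issuer certificate" means the TLS client could not find, in its trusted `ca` list, the issuer of a certificate in the server's chain. The sketch below models that lookup by subject/issuer name only (no signature checks), assuming the default behaviour of building the chain up to a self-signed root; `anchorChain` and the certificate names are constructed for illustration.

```javascript
// Added example (not from the original thread). Name-based model of how the
// TLS client anchors the server's chain in the `ca` list. It compares
// subject/issuer strings only and checks no signatures: a diagnostic aid,
// not a validator. Works on any objects with `subject` and `issuer`
// strings, such as crypto.X509Certificate instances.
function anchorChain(leaf, presented, trustedCAs) {
  const index = (list) => new Map(list.map((c) => [c.subject, c]));
  const trusted = index(trustedCAs);
  const sent = index(presented);
  const path = [leaf.subject];
  let current = leaf;
  // Bounded walk so a cyclic issuer loop cannot spin forever.
  for (let depth = 0; depth <= presented.length + trustedCAs.length; depth++) {
    const selfSigned = current.issuer === current.subject;
    if (selfSigned) {
      // A root only counts when it is in the trusted `ca` list.
      const ok = trusted.has(current.subject);
      return { ok, path, missing: ok ? null : current.subject };
    }
    // Prefer the local trust store, then what the server sent.
    const next = trusted.get(current.issuer) || sent.get(current.issuer);
    if (!next) return { ok: false, path, missing: current.issuer };
    path.push(next.subject);
    current = next;
  }
  return { ok: false, path, missing: current.issuer };
}

// Constructed sample names, not taken from the page.
const root = { subject: 'CN=Example Root CA', issuer: 'CN=Example Root CA' };
const issuing = { subject: 'CN=Example Issuing CA', issuer: 'CN=Example Root CA' };
const server = { subject: 'CN=rabbit.example.internal', issuer: 'CN=Example Issuing CA' };

// `ca` holds the root, server sends the intermediate: chain is anchored.
console.log(anchorChain(server, [issuing], [root]));
// `ca` holds only the intermediate: the root is still missing.
console.log(anchorChain(server, [], [issuing]));
// `ca` holds an unrelated CA: the leaf's issuer cannot be found.
console.log(anchorChain(server, [], [{ subject: 'CN=Other CA', issuer: 'CN=Other CA' }]));
```

The `missing` field names the certificate that has to be added to the `ca` array (or sent by the server) for verification to succeed with `rejectUnauthorized` left at its default of `true`.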
