我正在尝试与Rabbitmq代理建立ssl连接。我遵循this page来帮助我,并且找到了我的错误,但是我不知道该由谁解决。我被困在与经纪人的测试连接中:
openssl s_client -connect localhost:5671 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1470206187
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
而且我没有日志,但我需要accepting AMQP connection。
#Rabbimq.conf
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,".../testca/cacert.pem"},
{certfile,".../server/cert.pem"},
{keyfile,".../server/key.pem"},
{ciphers, [{rsa,aes_256_cbc,sha256}]},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
我使用的证书已通过文档进行验证,验证和创建。
我认为这是不允许我执行ssl连接的问题。
谢谢
编辑:我使用用户rabbitmq在/ var / lib / rabbitmq创建了证书,并且像这样的权限正确,服务器可以访问证书。
在我替换掉Rabbitmq.config之后,一切对我都有用
{certfile,".../server/cert.pem"},
到完整文件路径。
{certfile,"/data/server/cert.pem"}
[rabbitmq在找不到或无法读取证书文件时什么也没说。
检查证书文件的权限!