Quantcast
RabbitMQ

Help with the SSL tutorial on Windows Server 2008

classic Classic list List threaded Threaded
5 messages Options
Wiessler, Wolfgang
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Help with the SSL tutorial on Windows Server 2008

Wiessler, Wolfgang

Hello,

 

I recently installed RabbitMQ and successfully ran some of the tutorials using the .NET client. So far so good. Now I want to enable SSL encryption, but I am having problems following the tutorial.

 

Server is Windows Server 2008, 64 Bit.

My client is Windows 7 (64 Bit), but in the deployment scenario will be Windows Server 2008, 64 Bit.

 

What I did so far:

-          Installed otp_win64_R15B01.exe 

-          Installed rabbitmq-server-2.8.2.exe

-          Added the rabbitmq.config file to the appdata/RabbitMQ directory with the content as shown in the tutorial (did not change the certificates yet)

 

When I start the service, the log shows

=INFO REPORT==== 12-Jun-2012::17:26:18 ===

started SSL Listener on [::]:5671

 

=INFO REPORT==== 12-Jun-2012::17:26:18 ===

started SSL Listener on 0.0.0.0:5671

 

Now I would like to create my own Certificate Authority and create certificates. The example in the tutorial seems to be using UNIX and does not show where to expect certain executables (e.g. openssl). I cannot find the file when I am searching for it on my server. Also certain UNIX commands are not available in Windows and I am not sure if they are required under windows or what the equivalent is (chmod, touch).

 

Could somebody please shed some light on what is missing? Do I need to install anything else? The tutorial is mentioning certain extra steps for Erlang R13B, but I am using R15B so I can ignore these steps?

 

Thanks for any help,

Wolfgang

 


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Michael Demir
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Help with the SSL tutorial on Windows Server 2008

Michael Demir

Did you try installing openSSL package?  The 64 Bit package can be downloaded from http://www.slproweb.com/products/Win32OpenSSL.html?

 

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Wiessler, Wolfgang
Sent: Tuesday, June 12, 2012 11:15 AM
To: [hidden email]
Subject: [rabbitmq-discuss] Help with the SSL tutorial on Windows Server 2008

 

Hello,

 

I recently installed RabbitMQ and successfully ran some of the tutorials using the .NET client. So far so good. Now I want to enable SSL encryption, but I am having problems following the tutorial.

 

Server is Windows Server 2008, 64 Bit.

My client is Windows 7 (64 Bit), but in the deployment scenario will be Windows Server 2008, 64 Bit.

 

What I did so far:

-          Installed otp_win64_R15B01.exe 

-          Installed rabbitmq-server-2.8.2.exe

-          Added the rabbitmq.config file to the appdata/RabbitMQ directory with the content as shown in the tutorial (did not change the certificates yet)

 

When I start the service, the log shows

=INFO REPORT==== 12-Jun-2012::17:26:18 ===

started SSL Listener on [::]:5671

 

=INFO REPORT==== 12-Jun-2012::17:26:18 ===

started SSL Listener on 0.0.0.0:5671

 

Now I would like to create my own Certificate Authority and create certificates. The example in the tutorial seems to be using UNIX and does not show where to expect certain executables (e.g. openssl). I cannot find the file when I am searching for it on my server. Also certain UNIX commands are not available in Windows and I am not sure if they are required under windows or what the equivalent is (chmod, touch).

 

Could somebody please shed some light on what is missing? Do I need to install anything else? The tutorial is mentioning certain extra steps for Erlang R13B, but I am using R15B so I can ignore these steps?

 

Thanks for any help,

Wolfgang

 


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Emile Joubert-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Help with the SSL tutorial on Windows Server 2008

Emile Joubert-2
In reply to this post by Wiessler, Wolfgang
Hi Wolfgang,

On 12/06/12 17:15, Wiessler, Wolfgang wrote:
> Now I would like to create my own Certificate Authority and create
> certificates. The example in the tutorial seems to be using UNIX and
> does not show where to expect certain executables (e.g. openssl). I
> cannot find the file when I am searching for it on my server. Also
> certain UNIX commands are not available in Windows and I am not sure if
> they are required under windows or what the equivalent is (chmod, touch).

If you wish to follow the steps verbatim on Windows then install Cygwin.
The examples assume that you have the OpenSSL binaries and utilities on
your PATH. You can do the same on WINDOWS.

> Could somebody please shed some light on what is missing? Do I need to
> install anything else? The tutorial is mentioning certain extra steps
> for Erlang R13B, but I am using R15B so I can ignore these steps?

You don't have to use OpenSSL. If you have your own PKI then feel free
to use that. You will need to refer to the documentation of your PKI
provider and ensure that certificates and keys are in the correct format.

If you choose to use OpenSSL for creating and signing certificates then
you will need to install it first. See
http://www.openssl.org/related/binaries.html

On average later versions of Erlang have fewer SSL bugs than earlier
versions. Using R15B (or later) should be fine.



-Emile


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Wiessler, Wolfgang
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Help with the SSL tutorial on Windows Server 2008

Wiessler, Wolfgang
Thanks Emile and Michael for you help. I installed OpenSSL (the 32 Bit version on the 64 Bit Windows as stated in the tutorial). I successfully generated the certificates according to the tutorial. But now I am running into a problem when starting the RabbitMQ Service. It terminates right away without any specific error. In the event viewer "System" log, I get the following error:

--------
RabbitMQ: Erlang machine stopped instantly (distribution name conflict?). The service is not restarted as OnFail is set to ignore.
--------

My config file looks like this (the paths are correct):
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,C:/Messaging/testca/cacert.pem},
                    {certfile,C:/Messaging/server/cert.pem},
                    {keyfile,C:/Messaging/server/key.pem},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

I cannot find any more details on this error. The log file is empty. Any idea what might cause this? Are the generated certificates incorrect? Surprisingly, the service starts fine if I replace the values with invalid dummy entries.

-Wolfgang



-----Original Message-----
From: Emile Joubert [mailto:[hidden email]]
Sent: Mittwoch, 13. Juni 2012 10:55
To: Wiessler, Wolfgang
Cc: [hidden email]
Subject: Re: [rabbitmq-discuss] Help with the SSL tutorial on Windows Server 2008

Hi Wolfgang,

On 12/06/12 17:15, Wiessler, Wolfgang wrote:
> Now I would like to create my own Certificate Authority and create
> certificates. The example in the tutorial seems to be using UNIX and
> does not show where to expect certain executables (e.g. openssl). I
> cannot find the file when I am searching for it on my server. Also
> certain UNIX commands are not available in Windows and I am not sure
> if they are required under windows or what the equivalent is (chmod, touch).

If you wish to follow the steps verbatim on Windows then install Cygwin.
The examples assume that you have the OpenSSL binaries and utilities on your PATH. You can do the same on WINDOWS.

> Could somebody please shed some light on what is missing? Do I need to
> install anything else? The tutorial is mentioning certain extra steps
> for Erlang R13B, but I am using R15B so I can ignore these steps?

You don't have to use OpenSSL. If you have your own PKI then feel free to use that. You will need to refer to the documentation of your PKI provider and ensure that certificates and keys are in the correct format.

If you choose to use OpenSSL for creating and signing certificates then you will need to install it first. See http://www.openssl.org/related/binaries.html

On average later versions of Erlang have fewer SSL bugs than earlier versions. Using R15B (or later) should be fine.



-Emile


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Emile Joubert-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Help with the SSL tutorial on Windows Server 2008

Emile Joubert-2
On 13/06/12 11:00, Wiessler, Wolfgang wrote:

>      {ssl_options, [{cacertfile,C:/Messaging/testca/cacert.pem},

You need to add quotes around the paths.
_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Loading...
Powered by Nabble Edit this page