Quantcast

RabbitMQ SSL issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RabbitMQ SSL issue

Ojha, Ashish

Hi Team,

 

I am having issues when I have fail_if_no_peer_cert set to “true” in the rabbitmq.config of the broker , I have the JAVA sample code and it always gives the below error ( It works fine when I have fail_if_no_peer_cert set to “false” )

 

Broker Error :

 

=INFO REPORT==== 22-Jul-2014::13:17:37 ===

accepting AMQP connection <0.318.0> (10.221.139.177:63560 -> 10.238.104.147:27575)

 

=ERROR REPORT==== 22-Jul-2014::13:17:38 ===

SSL: certify: tls_connection.erl:509:Fatal error: handshake failure

 

=ERROR REPORT==== 22-Jul-2014::13:17:43 ===

error on AMQP connection <0.318.0>: {ssl_upgrade_error,{tls_alert,[104,97,110,100,115,104,97,107,101,32,102,97,105,108,117,114,101]}

}...

 

 

Java Exception :

 

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)

       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1657)

       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:932)

       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)

       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)

       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)

       at java.io.DataOutputStream.flush(DataOutputStream.java:106)

       at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:129)

       at com.rabbitmq.client.impl.SocketFrameHandler.sendHeader(SocketFrameHandler.java:134)

       at com.rabbitmq.client.impl.AMQConnection.start(AMQConnection.java:276)

       at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:590)

       at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:612)

       at SSL_Listener.main(SSL_Listener.java:55)

 

 

The Goldman Sachs Group, Inc. All rights reserved.

See http://www.gs.com/disclaimer/global_email for important risk disclosures, conflicts of interest and other terms and conditions relating to this e-mail and your reliance on information contained in it.  This message may contain confidential or privileged information.  If you are not the intended recipient, please advise us immediately and delete this message.  See http://www.gs.com/disclaimer/email for further information on confidentiality and the risks of non-secure electronic communication.  If you cannot access these links, please notify us by reply message and we will send the contents to you. 

 


_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: RabbitMQ SSL issue

Michael Klishin-2
On 22 July 2014 at 16:27:36, Ojha, Ashish ([hidden email]) wrote:
> >
> I am having issues when I have fail_if_no_peer_cert set to “true”  
> in the rabbitmq.config of the broker , I have the JAVA sample code  
> and it always gives the below error ( It works fine when I have fail_if_no_peer_cert  
> set to “false” )

Something is wrong with the way you configure TLS in the client (or with the cert/CA used).

See http://www.rabbitmq.com/troubleshooting-ssl.html.

 In case you need to generate
some development certificates quickly on a UNIX system, consider
https://github.com/michaelklishin/tls-gen/

(this includes the PKCS12 certificates used by JDK's keytool).
--  
MK  

Staff Software Engineer, Pivotal/RabbitMQ
_______________________________________________
rabbitmq-discuss mailing list has moved to https://groups.google.com/forum/#!forum/rabbitmq-users,
please subscribe to the new list!

[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Loading...