Quantcast

RabbitMQ WebStomp SSL certificate

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RabbitMQ WebStomp SSL certificate

Peter Chen
This post has NOT been accepted by the mailing list yet.
Hello,

I'm trying to get webstomp working with the latest RabbitMQ 3.3.1 and a self signed certificate, but I keep on getting SSL errors when I point my browser to <a href="https://$myserver:$port/stomp">https://$myserver:$port/stomp

In Firefox 29 this is what I get:
    The key does not support the requested operation. (Error code: sec_error_invalid_key)

In Chrome the message is different but I'm quite sure it's due to the same error:
    Error code: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED

However, in IE9 and IE11 I successfully get the "Welcome to SockJS!" message.

Here is my setup:
Ubuntu 14.04
OpenSSL 1.0.1f (latest on the ubuntu repo)
RabbitMQ 3.3.1 (latest on http://www.rabbitmq.com/debian/ testing main)

My rabbitmq.config:
[
  {rabbitmq_stomp, [{tcp_listeners, [61613]},
                    {ssl_listeners, [61614]}]},

  {rabbitmq_web_stomp,
      [{ssl_config, [{port,       15678},
                     {backlog,    1024},
                     {certfile,   "/usr/local/ssl/crt/server.crt"},
                     {keyfile,    "/usr/local/ssl/private/server.key"},
                     {cacertfile, "/usr/local/ssl/crt/server.crt"},
                     {password,   ""}]}]}
].


And finally my self signed certificates were generated on the same machine:
    >> openssl genrsa -des3 -out server.key 1024
    >> openssl req -new -key server.key -out server.csr
    >> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt


Has anyone ever encountered something like this?  Could it have been how the certificate was generated that is causing security exceptions to be thrown in Firefox and Chrome?

Thanks in advance for any help or hints.

// Peter
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: RabbitMQ WebStomp SSL certificate

tony75
This post has NOT been accepted by the mailing list yet.
Hi Peter, did you ever find a solution to this problem? You seem to have precisely the same problem I have.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: RabbitMQ WebStomp SSL certificate

tony75
This post has NOT been accepted by the mailing list yet.
In reply to this post by Peter Chen
Here are some more details of the issue you described; as you mentioned firefox and chrome report an SSL error. If you set security.tls.version.max to 0 in firefox you should be able to connect (this setting means configure SSL 3.0 and disable TLS). It looks like WebStomp insists on using the old vulnerable SSL 3.0 protocol perhaps?
Loading...