Following the instructions here, I created a certification authority and created rabbitmq.config with the appropriate fields. However, when I try to connect to the RabbitMQ server using
openssl s_client -connect 127.0.0.1:5671 -tls1
In the standard release, I get the following:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1449612785
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
---
and I see the following error in the logs:
=ERROR REPORT==== 8-Dec-2015::16:13:10 ===
Error on AMQP connection <0.257.0>:
{ssl_upgrade_error,
    {options,
        {cacertfile,"/home/nthompson/learn_celery/testca/cacert.pem",
            {error,eacces}}}}
What could be the problem?
I tried the following, without success:
Opened up cacert.pem, i.e. I ran chmod 444 cacert.pem, as well as several more hopeless, boneless permissions.
Checked that all staging directories have 775 permissions.
Verified that the RabbitMQ server was indeed listening on port 5671, and it was:
$ sudo rabbitmqctl status
{listeners,[{clustering,25672,"::"},{amqp,5672,"::"},{'amqp/ssl',5671,"::"}]},
Checked all the paths in rabbitmq.config and weakened the certificate exchange policy by setting {verify,verify_none} and {fail_if_no_peer_cert,false}.
Enabled the rabbitmq_auth_mechanism_ssl plugin via
$ sudo rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl
and confirmed that it was raised on rabbitmq-server. In addition, I added {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']} to rabbitmq.config.
The RabbitMQ version is 3.5.4 (the apt-get default), but I also upgraded to 3.5.6 (the latest) to see if this disappears.
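An added diagnostic, not part of the original post: `{error,eacces}` on `cacertfile` means the broker process was denied access somewhere along that path, and the denial can come from a parent directory rather than from the file itself. The sketch below walks every component using classic mode bits only; the temporary tree, the 0700 home directory and the stand-in uid are constructed for the demonstration, and the page does not say which component actually denied access.

```python
import os
import stat
import tempfile

def first_denied(path, uid, gids, root=os.sep):
    """Walk from root down to path and return the first component that the
    account (uid, gids) cannot pass, or None if the file is readable.
    Checks owner/group/other mode bits only: no ACLs, no MAC policy."""
    chain, current = [root], root
    for part in os.path.relpath(path, root).split(os.sep):
        current = os.path.join(current, part)
        chain.append(current)
    for comp in chain:
        st = os.stat(comp)
        is_dir = stat.S_ISDIR(st.st_mode)
        # A directory needs search (x) to be traversed; the file needs read (r).
        if st.st_uid == uid:
            need = stat.S_IXUSR if is_dir else stat.S_IRUSR
        elif st.st_gid in gids:
            need = stat.S_IXGRP if is_dir else stat.S_IRGRP
        else:
            need = stat.S_IXOTH if is_dir else stat.S_IROTH
        if not st.st_mode & need:
            return comp
    return None

def demo():
    """Constructed tree mirroring the path from the log, under a temp dir."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "home", "nthompson")
    ca_dir = os.path.join(home, "learn_celery", "testca")
    os.makedirs(ca_dir)
    pem = os.path.join(ca_dir, "cacert.pem")
    open(pem, "w").close()
    os.chmod(pem, 0o444)                   # world-readable file, as in the post
    for dirpath, _, _ in os.walk(root):
        os.chmod(dirpath, 0o775)           # "all directories 775"
    os.chmod(home, 0o700)                  # assumption: a private home directory
    broker_uid = os.stat(pem).st_uid + 1   # stand-in for the broker's account
    before = first_denied(pem, broker_uid, set(), root)
    os.chmod(home, 0o755)                  # grant search permission to others
    after = first_denied(pem, broker_uid, set(), root)
    return os.path.relpath(before, root), after

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the uid and group ids of the account the broker runs as and leave `root` at its default so that every ancestor directory is checked.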