RabbitMQ SSL Configuration

I generated a letsencrypt certificate and tried to configure my rabbitmq server with it. I enabled the rabbitmq_management and rabbitmq_mqtt plugins and configured both with the same ssl certificate. My configuration is shown below. I managed to access the rabbitmq management console from the browser over https. However, whenever I try to connect to rabbitmq with an mqtt client, it does not succeed. I noticed the error log shown below. I also tried connecting to port 5671, as described in "Troubleshooting TLS/SSL for rabbitmq". That connection also threw an exception. Can someone tell me what might be wrong?

Configuration:

[
     {rabbit,
      [
        {ssl_listeners, [5671]},
        {tcp_listeners, [{"127.0.0.1", 5672}, {"::1", 5672}]},
        {ssl_options, [{cacertfile,"/ssl/s2.domain.co/chain.pem"},
                        {certfile,"/ssl/s2.domain.co/cert.pem"},
                        {keyfile,"/ssl/s2.domain.co/privkey.pem"},
                        {verify,verify_none},
                        {fail_if_no_peer_cert,false}]}
      ]
     },
     {kernel, []},
     {rabbitmq_management,
      [
        {listener, [
                    {port, 15672},
                    {ip, "0.0.0.0"},
                    {ssl, true},
                    {ssl_opts, [{cacertfile, "/ssl/s2.domain.co/chain.pem"},
                               {certfile,   "/ssl/s2.domain.co/cert.pem"},
                               {keyfile,    "/ssl/s2.domain.co/privkey.pem"}]}
            ]
        }
      ]
     },
     {rabbitmq_stomp, []},
     {rabbitmq_mqtt, [{ssl_listeners,[8883]},{tcp_listeners,[1883]}]},
     {rabbitmq_amqp1_0, []},
     {rabbitmq_auth_backend_ldap, []}
    ].

MQTT connection error log:

=ERROR REPORT==== 12-Apr-2016::03:39:17 ===
SSL: certify: ssl_alert.erl:92:Fatal error: certificate unknown

Command used to connect to port 5671:

openssl s_client -connect localhost:5671

Exception when connecting to port 5671:

    CONNECTED(00000003)
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
     0 s:/CN=s2.domain.co
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
     2 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIFADCCA+igAwIBAgISAypMQeOTn5dLIvtJer33fdsZMA0GCSqGSIb3DQEBCwUA
    ...
    UiCsw7U66T3TDVjQrduiZueUKtr//BYO0rWGpLdUBFjjGHK/
    -----END CERTIFICATE-----
    subject=/CN=s2.domain.co
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3871 bytes and written 477 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-SHA384
        Session-ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        Session-ID-ctx: 
        Master-Key: xxxxxxxxxxxx
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1460433641
        Timeout   : 300 (sec)
        Verify return code: 19 (self signed certificate in certificate chain)
    ---
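As an added diagnostic example (not part of the question and not RabbitMQ code), the following Python script parses the kind of `openssl s_client` transcript shown above and reports what the verification result means: which certificates the server sent, whether the chain ends in a self-signed root, what the verify return code stands for, and whether the leaf certificate's CN matches the host name the client connected to. The embedded transcript is constructed from the output above; the verify-code table covers only the common codes, and the hostname check looks at the CN alone because that is all the text output shows (real clients also check subjectAltName).

```python
"""Explain an `openssl s_client` transcript: chain, verify code, hostname match."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, trimmed from the s_client output in the question above.
SAMPLE_OUTPUT = """\
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=s2.domain.co
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 2 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=s2.domain.co
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Verify return code: 19 (self signed certificate in certificate chain)
---
"""

# Common X509 verify return codes; the full list is in the `openssl verify` man page.
VERIFY_CODES = {
    0: "ok",
    10: "certificate has expired",
    18: "self signed certificate (the leaf itself is self-signed)",
    19: "self signed certificate in certificate chain (root is not in the client's trust store)",
    20: "unable to get local issuer certificate (intermediate or root missing on the client side)",
    21: "unable to verify the first certificate (server sent no intermediate)",
}

_CHAIN_RE = re.compile(r"^\s*(\d+) s:(.*)$")
_ISSUER_RE = re.compile(r"^\s*i:(.*)$")
_VERIFY_RE = re.compile(r"Verify return code:\s*(\d+)")
_PROTO_RE = re.compile(r"Protocol\s*:\s*(\S+)")
_CN_RE = re.compile(r"CN\s*=\s*([^/,]+)")


@dataclass
class ChainCert:
    depth: int
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        # A root sent in the chain has subject == issuer.
        return self.subject == self.issuer


@dataclass
class Diagnosis:
    verify_code: Optional[int]
    chain: List[ChainCert]
    leaf_cn: Optional[str]
    hostname_matches: bool
    protocol: Optional[str]
    notes: List[str] = field(default_factory=list)


def parse_chain(text: str) -> List[ChainCert]:
    """Collect the ' N s:<subject>' / '   i:<issuer>' pairs of the Certificate chain section."""
    certs: List[ChainCert] = []
    lines = text.splitlines()
    for idx, line in enumerate(lines):
        m = _CHAIN_RE.match(line)
        if not m:
            continue
        issuer = ""
        if idx + 1 < len(lines):
            mi = _ISSUER_RE.match(lines[idx + 1])
            if mi:
                issuer = mi.group(1).strip()
        certs.append(ChainCert(int(m.group(1)), m.group(2).strip(), issuer))
    return certs


def hostname_matches(cn: Optional[str], host: str) -> bool:
    """CN-only hostname check (simplified; real clients also consult subjectAltName)."""
    if not cn:
        return False
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host


def diagnose(output: str, connect_host: str) -> Diagnosis:
    """Summarise what the transcript says about the server's chain and the client's trust."""
    chain = parse_chain(output)
    vm = _VERIFY_RE.search(output)
    code = int(vm.group(1)) if vm else None
    pm = _PROTO_RE.search(output)
    leaf_cn = None
    if chain:
        cm = _CN_RE.search(chain[0].subject)
        leaf_cn = cm.group(1).strip() if cm else None
    d = Diagnosis(code, chain, leaf_cn, hostname_matches(leaf_cn, connect_host),
                  pm.group(1) if pm else None)
    if code:  # non-zero verify code
        d.notes.append(f"verify code {code}: {VERIFY_CODES.get(code, 'see openssl verify(1)')}")
    if code == 19 and chain and chain[-1].self_signed:
        d.notes.append(f"server presented its root '{chain[-1].subject}' but the client does not "
                       "trust it; the client's trust store (s_client -CAfile) must contain that root")
    if not d.hostname_matches:
        d.notes.append(f"leaf CN {leaf_cn!r} does not match connect host {connect_host!r}; "
                       "clients that verify hostnames reject this even when the chain is trusted")
    return d


if __name__ == "__main__":
    for note in diagnose(SAMPLE_OUTPUT, "localhost").notes:
        print("-", note)
```

Running it against the transcript above (connected as `localhost`) reports both the untrusted root behind verify code 19 and the mismatch between the host name used and the certificate's CN, two things a verifying MQTT client would reject independently of how the server side is configured.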
