RabbitMQ + C# + SSL
I'm trying to use C# with RabbitMQ 3.6.2 to use SSL/TLS on Windows 7 against Erlang 18.0. I'm running into errors when I'm enabling SSL in my C# code. I have gone through the steps to set up SSL/TLS here. I've also gone through the troubleshooting steps, which turned out successful (except I couldn't do the stunnel step due to my lack of knowledge of stunnel). Here's my C# code trying to connect to RabbitMQ:
```csharp
using System.Security.Authentication; // SslProtocols
using RabbitMQ.Client;

var factory = new ConnectionFactory()
{
    // Note: the guest username works with HostName "localhost"!
    //HostName = Environment.MachineName,
    HostName = "localhost",
    UserName = "guest",
    Password = "guest",
};

// Without this line, rabbitmq.log shows the error: "ssl: hello: tls_handshake.erl:174:fatal error: protocol version"
// When I add this line to go to TLS 1.2, .NET throws an exception: The remote certificate is invalid according to the validation procedure.
// https://stackoverflow.com/questions/9983265/the-remote-certificate-is-invalid-according-to-the-validation-procedure:
// Walked through this tutorial to add the client certificate as a Windows Trusted Root Certificate: http://www.sqlservermart.com/howto/windows_import_certificate.aspx
factory.Ssl.Version = SslProtocols.Tls12;
factory.Ssl.ServerName = "localhost"; //System.Net.Dns.GetHostName();
factory.Ssl.CertPath = @"c:\openssl-win64\client\keycert.p12";
factory.Ssl.CertPassphrase = "re$sp3cmys3curi1ae!";
factory.Ssl.Enabled = true;
factory.Port = 5671;

// Error: "The remote certificate is invalid according to the validation procedure."
using (var connection = factory.CreateConnection())
{
}
```
There's a Stack Overflow post regarding the "The remote certificate is invalid according to the validation procedure." exception, but the hack fix doesn't seem to take effect, as the callback method suggested is never called. I think I've added my certificate generated via OpenSSL to the Windows Trusted Root Certification Authorities certificates list for the local computer. I'm at a loss here. Any ideas on how to proceed?
Edit: Here's the final working code for anyone struggling to implement SSL on Rabbit:
```csharp
using System.Configuration;           // ConfigurationManager
using System.Security.Authentication; // SslProtocols
using RabbitMQ.Client;

var factory = new ConnectionFactory();
factory.HostName = ConfigurationManager.AppSettings["rabbitmqhostname"];
factory.AuthMechanisms = new AuthMechanismFactory[] { new ExternalMechanismFactory() };

// Note: this should never be "localhost"
factory.Ssl.ServerName = ConfigurationManager.AppSettings["rabbitmqservername"];
// Path to the .p12 file.
factory.Ssl.CertPath = ConfigurationManager.AppSettings["certificatefilepath"];
// Passphrase for the certificate file - set through OpenSSL
factory.Ssl.CertPassphrase = ConfigurationManager.AppSettings["certificatepassphrase"];
factory.Ssl.Enabled = true;
// Make sure TLS 1.2 is supported & enabled by your operating system
factory.Ssl.Version = SslProtocols.Tls12;
// This is the default RabbitMQ secure port
factory.Port = 5671;
factory.VirtualHost = "/";
// Standard RabbitMQ authentication
factory.UserName = ConfigurationManager.AppSettings["rabbitmqusername"];
factory.Password = ConfigurationManager.AppSettings["rabbitmqpassword"];

using (var connection = factory.CreateConnection())
{
    using (var channel = connection.CreateModel())
    {
        // Publish some messages...
    }
}
```
Thanks,
Andy
The usual problem is a mismatch between what you provide in `Ssl.ServerName` and the host the SSL certificate was issued for.
Also note that server-side SSL (an encrypted connection between your client and the server) and client-side authentication with a certificate (you provide the server with information that confirms that you have the certificate it expects) are 2 different things. By providing `Ssl.CertPath` you intend to authorize at the server using this certificate, which might or might not be what you want.
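
A diagnostic for the mismatch described in the answer, added here as an example and not code from the original post: it performs the same TLS 1.2 handshake with plain .NET `SslStream` and reports which `SslPolicyErrors` flag was raised, without relaxing validation. The class name `TlsNameCheck`, its `Probe` method and the command-line arguments are assumptions for illustration; port 5671 is the one used in the question.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsNameCheck // hypothetical helper, not part of RabbitMQ.Client
{
    // Handshakes with host:port, validating the broker certificate against
    // serverName, and returns the policy errors .NET raised for it.
    public static SslPolicyErrors Probe(string host, int port, string serverName)
    {
        var seen = SslPolicyErrors.None;
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
            {
                seen = errors;
                Console.WriteLine("Subject: " + (cert == null ? "<none>" : cert.Subject));
                Console.WriteLine("Issuer:  " + (cert == null ? "<none>" : cert.Issuer));
                if (chain != null)
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        Console.WriteLine("Chain:   " + s.Status + " " + s.StatusInformation.Trim());
                return errors == SslPolicyErrors.None; // same strictness as the default
            }))
        {
            try
            {
                // No client certificate is sent: only the server side is examined.
                ssl.AuthenticateAsClient(serverName, new X509CertificateCollection(),
                                         SslProtocols.Tls12, false);
            }
            catch (AuthenticationException ex) { Console.WriteLine("Rejected: " + ex.Message); }
        }
        return seen;
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "localhost";
        string name = args.Length > 1 ? args[1] : host; // candidate for Ssl.ServerName
        SslPolicyErrors e = Probe(host, 5671, name);
        Console.WriteLine("Policy errors: " + e);
        if ((e & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.WriteLine("-> the name does not match the certificate's CN/SAN");
        if ((e & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            Console.WriteLine("-> the issuing CA is not trusted on this machine");
    }
}
```

A name mismatch is fixed by setting `Ssl.ServerName` to a name the certificate was issued for; chain errors are fixed by trusting the CA that signed the broker certificate.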