I am new to RabbitMQ. I enabled TLS for RabbitMQ locally. As part of that, I created the certificates on my WINDOWS machine (following the LINUX steps) as discussed at https://www.rabbitmq.com/ssl.html.
I also updated the rabbitmq.config file as follows:
[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile,"/etc/ca_certificate.pem"},
      {certfile,"/etc/private_key.pem"},
      {keyfile,"/etc/server_certificate.pem"},
      {password, "MySecretPassword"},
      {verify,verify_peer},
      {fail_if_no_peer_cert,true}
    ]}
  ]}
].
Steps followed to create the certificates on the WINDOWS machine:
Bash command prompt:
cd /C/temp/ThirdOne
mkdir testca
cd testca
mkdir certs private
chmod 700 private
echo 01 > serial
touch index.txt
Using the OpenSSL command prompt:
openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out ca_certificate.pem -outform PEM -subj /CN=MyTestCA/ -nodes
openssl x509 -in ca_certificate.pem -out ca_certificate.cer -outform DER
mkdir server
cd server
openssl genrsa -out private_key.pem 2048
openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=desktop-s08pnk3/O=server/ -nodes
cd ..
openssl ca -config openssl.cnf -in ./server/req.pem -out ./server/server_certificate.pem -notext -batch -extensions server_ca_extensions
openssl pkcs12 -export -out ./server/server_certificate.p12 -in ./server/server_certificate.pem -inkey ./server/private_key.pem -passout pass:MySecretPassword
mkdir client
cd client
openssl genrsa -out private_key.pem 2048
openssl req -new -key private_key.pem -out req.pem -outform PEM -subj /CN=desktop-s08pnk3/O=client/ -nodes
cd ..
openssl ca -config openssl.cnf -in ./client/req.pem -out ./client/client_certificate.pem -notext -batch -extensions client_ca_extensions
openssl pkcs12 -export -out ./client/client_certificate.p12 -in ./client/client_certificate.pem -inkey ./client/private_key.pem -passout pass:MySecretPassword
On top of that, I installed the client certificate locally.
Note: my client and server are both the local machine.
The code I use to connect to RabbitMQ:
private static void RabbitMQWithSSLEnable()
{
    try
    {
        string rabbitmqHostName = "desktop-s08pnk3";
        string rabbitmqServerName = "desktop-s08pnk3";
        string certificateFilePath = @"C:\temp\ThirdOne\client\client_certificate.pem";
        string certificatePassphrase = "MySecretPassword";
        string rabbitmqUsername = "test";
        string rabbitmqPassword = "test";

        var factory = new ConnectionFactory();
        factory.HostName = rabbitmqHostName;
        factory.UserName = rabbitmqUsername;
        factory.Password = rabbitmqPassword;
        //factory.Uri = new Uri("amqps://test:test@desktop-s08pnk3");
        factory.AuthMechanisms = new IAuthMechanismFactory[] { new ExternalMechanismFactory() };

        // Note: This should NEVER be "localhost"
        factory.Ssl.ServerName = rabbitmqServerName;
        // Path to my .p12 file.
        factory.Ssl.CertPath = certificateFilePath;
        // Passphrase for the certificate file - set through OpenSSL
        factory.Ssl.CertPassphrase = certificatePassphrase;
        factory.Ssl.Enabled = true;
        // Make sure TLS 1.2 is supported & enabled by your operating system
        factory.Ssl.Version = SslProtocols.Tls12;
        // This is the default RabbitMQ secure port
        factory.Port = AmqpTcpEndpoint.UseDefaultPort;
        factory.VirtualHost = "/";
        factory.Ssl.AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateChainErrors
            | SslPolicyErrors.RemoteCertificateNameMismatch
            | SslPolicyErrors.RemoteCertificateNotAvailable;
        //System.Net.ServicePointManager.Expect100Continue = false;

        using (var connection = factory.CreateConnection())
        {
            using (var channel = connection.CreateModel())
            {
                // publish some messages...
            }
        }
    }
    catch (System.Exception ex)
    {
        var error = ex.ToString();
        System.Console.WriteLine(error);
    }
}
The above code throws this error:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
---> System.AggregateException: One or more errors occurred. (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..)
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_1(String arg1, X509CertificateCollection arg2, SslProtocols arg3, AsyncCallback callback, Object state)
at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2,TArg3](Func`6 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2,TArg3](Func`6 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state, TaskCreationOptions creationOptions)
at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2,TArg3](Func`6 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, TArg3 arg3, Object state)
at System.Net.Security.SslStream.AuthenticateAsClientAsync(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at RabbitMQ.Client.Impl.SslHelper.<>c__DisplayClass2_0.<TcpUpgrade>b__0(SslOption opts)
at RabbitMQ.Client.Impl.SslHelper.TcpUpgrade(Stream tcpStream, SslOption options)
at RabbitMQ.Client.Impl.SocketFrameHandler..ctor(AmqpTcpEndpoint endpoint, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
at RabbitMQ.Client.Framing.Impl.IProtocolExtensions.CreateFrameHandler(IProtocol protocol, AmqpTcpEndpoint endpoint, ArrayPool`1 pool, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout)
at RabbitMQ.Client.ConnectionFactory.CreateFrameHandler(AmqpTcpEndpoint endpoint)
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
--- End of inner exception stack trace ---
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
at RabbitMQ.Client.Framing.Impl.AutorecoveringConnection.Init(IEndpointResolver endpoints)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
--- End of inner exception stack trace ---
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection()
at RabbitMQ.Explore.Program.RabbitMQWithSSLEnable() in C:\Users\warke\source\repos\RabbitMQ.Explore\RabbitMQ.Explore\Program.cs:line 71
Can anyone help me resolve this issue?
Thanks.
Below are the things I have tried:
A) Enabled the TLS options in Internet Options. B) Also enabled the port.
@Team, FYI and questions:
1. I installed the client certificate on my local machine - not sure about this, because it was not mentioned.
2. Do I need to install the server certificate on my local machine, since I am trying to connect to it from local (client and server are the same machine)?
3. I need to do peer verification, hence I created both client and server certificates.
4. The password added in the config and the password passed when calling RabbitMQ from local are the same as the one I used to create the certificates for client and server.
5. I created a new user for the connection, i.e. test, and gave it administrator access.
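Before debugging the TLS handshake itself, a reviewer would first check that each path under ssl_options points at the kind of PEM file its key expects; as written in the question, certfile points at private_key.pem and keyfile at server_certificate.pem. The script below is an added example (not from the question or from RabbitMQ): it classifies files by their PEM BEGIN labels, matches the ssl_options tuples with a shallow regex rather than an Erlang term parser, and runs against a constructed in-memory copy of the question's paths whose contents match their file names.

```python
import re
from pathlib import Path

# Constructed PEM samples: only the BEGIN/END labels matter; bodies are placeholders, not key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMIIBconstructed\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----\n"

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Shallow match for {cacertfile,"..."} tuples inside ssl_options; not a full Erlang term parser.
SSL_OPT = re.compile(r'\{\s*(cacertfile|certfile|keyfile)\s*,\s*"([^"]+)"\s*\}')
# What each ssl_options key must point at.
EXPECTED = {"cacertfile": "cert", "certfile": "cert", "keyfile": "key"}

def classify_pem(text: str) -> str:
    """Return 'cert', 'key', 'cert+key' or 'unknown' from the PEM labels present in a file."""
    labels = set(PEM_LABEL.findall(text))
    has_cert = "CERTIFICATE" in labels
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    return {(True, True): "cert+key", (True, False): "cert",
            (False, True): "key"}.get((has_cert, has_key), "unknown")

def ssl_paths(config_text: str) -> dict:
    """Extract the cacertfile/certfile/keyfile paths from rabbitmq.config text."""
    return dict(SSL_OPT.findall(config_text))

def check_config(config_text: str, read) -> list:
    """read(path) -> file text. One finding per option that points at the wrong kind of PEM."""
    findings = []
    for key, path in ssl_paths(config_text).items():
        kind = classify_pem(read(path))
        if EXPECTED[key] not in kind:  # 'cert' in 'cert+key' passes; 'key' in 'cert' does not
            findings.append(f"{key} -> {path} holds a {kind}, expected a {EXPECTED[key]}")
    return findings

def check_config_file(config_path: str) -> list:
    """Same check against a real rabbitmq.config and the files it names."""
    return check_config(Path(config_path).read_text(), lambda p: Path(p).read_text())

# The ssl_options paths from the question, and a constructed in-memory "filesystem" whose
# files hold what their names say (private_key.pem a key, *_certificate.pem certificates).
QUESTION_CONFIG = ('{ssl_options, [{cacertfile,"/etc/ca_certificate.pem"}, '
                   '{certfile,"/etc/private_key.pem"}, {keyfile,"/etc/server_certificate.pem"}]}')
FAKE_FS = {"/etc/ca_certificate.pem": SAMPLE_CERT,
           "/etc/private_key.pem": SAMPLE_KEY,
           "/etc/server_certificate.pem": SAMPLE_CERT}

def demo() -> list:
    return check_config(QUESTION_CONFIG, FAKE_FS.__getitem__)
```

Run check_config_file("/path/to/rabbitmq.config") against a real broker; an empty list means every option points at a file of the expected type, which does not by itself prove the key matches the certificate.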
1 Answer
Please check my working example, where you will be able to connect to RabbitMQ using SSL (TLS, mTLS): Repo Link