Ssl RabbitMQ TLS身份验证_Ssl_Rabbitmq_Ssl Certificate_Tls1.2

Ssl RabbitMQ TLS身份验证

ssl rabbitmq

Ssl RabbitMQ TLS身份验证,ssl,rabbitmq,ssl-certificate,tls1.2,Ssl,Rabbitmq,Ssl Certificate,Tls1.2,有一项任务是使用证书授权配置某些web服务的操作。有： Erlang 22.3.3 RabbitMQ 3.8.3 描述它们的安装是没有意义的。接下来做了什么： 1.根据第（）条，我们执行以下操作： git clone https://github.com/michaelklishin/tls-gen tls-gen cd tls-gen / basic CN = client PASSWORD = 123 make make verify make info 复制创建的证书，更改所有者 m

有一项任务是使用证书授权配置某些web服务的操作。
有：
Erlang 22.3.3
RabbitMQ 3.8.3
描述它们的安装是没有意义的。
接下来做了什么：
1.根据第（）条，我们执行以下操作：

git clone https://github.com/michaelklishin/tls-gen tls-gen
cd tls-gen / basic
CN = client PASSWORD = 123 make
make verify
make info

复制创建的证书，更改所有者

mv testca//etc/rabbitmq/
mv服务器//etc/rabbitmq/
mv客户端//etc/rabbitmq/
chown-R rabbitmq:/etc/rabbitmq/testca
chown-R rabbitmq:/etc/rabbitmq/server
chown-R rabbitmq:/etc/rabbitmq/client

我们将配置文件转换为以下格式（/etc/rabbitmq/rabbitmq.config）：

[
{ssl，[{versions，['tlsv1.2'，'tlsv1.1'，tlsv1]}]，
{兔子[
{ssl_侦听器，[5671]}，
{auth_机制，['PLAIN'，AMQPLAIN'，EXTERNAL']}，
{ssl_cert_login_from'client'}，
{ssl_options，[{cacertfile，”/etc/rabbitmq/testca/cacert.pem}，
{certfile，“/etc/rabbitmq/server/cert.pem”}，
{keyfile，“/etc/rabbitmq/server/key.pem”}，
{verify，verify_peer}，
{如果没有对等证书，则失败}]}
].

我们启动服务器，尝试从客户端连接。我们得到一个错误：

2020-05-18 17:21:57.166+03:00[错误]无法连接到代理10.10.11.16，vhost dmz端口5671 RabbitMQ.Client.Exceptions.BrokerRunReachableException:指定的终结点都不可访问 --->RabbitMQ.Client.Exceptions.PossibleAuthenticationFailureException:可能由身份验证失败引起 --->RabbitMQ.Client.Exceptions.OperationInterruptedException:AMQP操作被中断：AMQP关闭原因，由库启动，代码=0，文本='流结束'，classId=0，methodId=0，原因=System.IO.EndOfStreamException:到达流结束。可能的身份验证失败。位于RabbitMQ.Client.Impl.InboundFrame.ReadFrom（流读取器）位于RabbitMQ.Client.Impl.SocketFrameHandler.ReadFrame（）在RabbitMQ.Client.Framing.Impl.Connection.MainLoopIteration（）处位于RabbitMQ.Client.Framing.Impl.Connection.MainLoop（）在RabbitMQ.Client.Impl.SimpleBlockingRpcContinuation.GetReply（TimeSpan超时）位于RabbitMQ.Client.Impl.ModelBase.ConnectionStartOk（IDictionary`2 clientProperties，字符串机制，字节[]响应，字符串区域设置）位于RabbitMQ.Client.Framing.Impl.Connection.StartAndTune（） ---内部异常堆栈跟踪的结束--- 位于RabbitMQ.Client.Framing.Impl.Connection.StartAndTune（）位于RabbitMQ.Client.Framing.Impl.Connection.Open（布尔值）在RabbitMQ.Client.Framing.Impl.Connection..ctor（IConnectionFactory工厂、布尔值、IFrameHandler、frameHandler、字符串clientProvidedName）在RabbitMQ.Client.Framing.Impl.ProtocolBase.CreateConnection（IConnectionFactory工厂、布尔值、IFrameHandler frameHandler、字符串clientProvidedName）在RabbitMQ.Client.ConnectionFactory.CreateConnection（IEndpointResolver endpointResolver，字符串clientProvidedName） ---内部异常堆栈跟踪的结束--- 在RabbitMQ.Client.ConnectionFactory.CreateConnection（IEndpointResolver endpointResolver，字符串clientProvidedName）在RabbitMQ.Client.ConnectionFactory.CreateConnection（字符串clientProvidedName）在EasyNetQ.ConnectionFactoryWrapper.CreateConnection（）上在EasyNetQ.PersistentConnection.TryToConnect（）上

在rabbitmq日志中：

2020-05-18 17: 24: 59.880 [info] <0.3442.0> accepting AMQP connection <0.3442.0> (10/10/15/14/1561 -> 10/10/11/166767)
2020-05-18 17: 25: 02.887 [error] <0.3442.0> closing AMQP connection <0.3442.0> (10/10/15/14/1561 -> 10/10/11/1667671):
{handshake_error, starting, 0, {error, function_clause, 'connection.start_ok', [{rabbit_ssl, peer_cert_auth_name, [client, << 48,130,3,42,48,130,2,18,160,3,2,1,2,2 , 1,2,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,48,4,49,49,32,48,30,6,3,85,4,3 12,23,84,76,83,71,101,110,83,101,108,102,83,105,103,110,101,100,116,82,111,111,116,67,65,49,13,48,11,6,3,85,4,7,12,4,36,36,36 , 36.48,30,23,13,50,48,48,53,49,56,49,52,48,49,53,53,90,23,13,51,48,48,53,49 , 54,49,52,48,49,53,53,90,48,34,49,15,48,13,6,3,85,4,3,12,6,99,108,105,101,110,116,49,15,48 , 13,6,3,85,4,10,12,6,99,108,105,101,110,116,48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130 1,15,0,48,130,1,10,2,130,1,1,0,183,198,116,156,3,177,131,5,148,11,154,34,99,210,88,115,60,228,180,245,80,212,113,57,181,249,20,5,164,49,72,95,153,116,103,49 , 58,119,15,48,147,107,112,243,105,122,189,44,0,193,114,138,169,250,165,97,188,158,188,95,163,37,30,75,143,21,103,11,131,223,124,96,244,111,210,30,8,175,72,206,162,14,86,63,146,215,179,226,239,48,76,122,150,200,183,82,114,1 73,116,32,224,202,196,129,131,96,34,237,34,144,177,92,200,105,212,0,133,141,118,146,229,140,246,229,137,0,9,27,180,163,233,134,0,187,110,9,126,92,172,105,96,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,1,118,11,11,118,11,118,11,118,11,118,11,118,11,118,11,118,11,118,11,118,11,118,11,118,1,118,11,11,118,11,11,11,11,1,1,1,1,1,1,1,1,1,1,1,1,1,111,1'''1,11,11,1'''1,1''''N''O'', '' 92,181,68,172,135,15,90,152,209,242,31,138,135,34,95,29,162,226,175,253,176,14

新错误：

2020-05-18 18:48:56.681 [info] <0.1410.0> Connection <0.1410.0> (10.10.15.14:52744 -> 10.10.11.16:5671) has a client-provided name: Viber.CallbackService.dll
2020-05-18 18:48:56.682 [error] <0.1410.0> Error on AMQP connection <0.1410.0> (10.10.15.14:52744 -> 10.10.11.16:5671, state: starting):
EXTERNAL login refused: user 'O=client,CN=client' - invalid credentials

2020-05-18 18:48:56.681[info]连接（10.10.15.14:52744->10.10.11.16:5671）具有客户端提供的名称：Viber.CallbackService.dll
2020-05-18 18:48:56.682[错误]AMQP连接错误（10.10.15.14:52744->10.10.11.16:5671，状态：启动）：
外部登录被拒绝：用户“O=client，CN=client”-凭据无效

您是否已启用ssl插件并重新启动代理

sudorabbitmq插件支持rabbitmq\u auth\u机制\u ssl

sudo systemctl重新启动rabbitmq服务器

您还可以尝试在rabbitmq.conf中设置以下内容：

ssl\u证书\u登录\u来源=通用\u名称

ssl_options.password=123

并在代理中创建一个名为“client”的用户，以匹配证书中的CN名称

2020-05-18 18:48:56.681 [info] <0.1410.0> Connection <0.1410.0> (10.10.15.14:52744 -> 10.10.11.16:5671) has a client-provided name: Viber.CallbackService.dll
2020-05-18 18:48:56.682 [error] <0.1410.0> Error on AMQP connection <0.1410.0> (10.10.15.14:52744 -> 10.10.11.16:5671, state: starting):
EXTERNAL login refused: user 'O=client,CN=client' - invalid credentials