无法使用 pkcs12 文件连接到 RabbitMq Broker
Cannot connect to RabbitMq Broker using pkcs12 file
我上周发布了一个问题 。
在我使用的机器上,我能够正确地启动并 运行。现在,在另一台机器上进行设置,我已经完成了所有操作,但是,当使用 .NET 客户端应用程序连接到 RabbitMq 代理时,它在 pkcs12 文件上失败,说它的格式很糟糕。
我已经重新生成了这个文件几次,确保我分别使用了客户端和服务器 .pem 文件,但仍然无济于事。
在 troubleshooting link here 中所有测试完全通过。
环境:
Erlang 19.1
RabbitMq 3.6.6
Windows Server 2012 R2
我的 RabbitMq 配置文件:
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"C:\rabbitcerts\testca\cacert.pem"},
{certfile,"C:\rabbitcerts\server\cert.pem"},
{keyfile,"C:\rabbitcerts\server\key.pem"},
{depth, 2},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
运行 这个命令:
openssl s_client -connect mitvs-atm01:5671 -tls1 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
成功结果:
CONNECTED(00000130)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = mitvs-atm01, O = server
verify return:1
---
Certificate chain
0 s:/CN=mitvs-atm01/O=server
i:/CN=MyTestCA
1 s:/CN=MyTestCA
i:/CN=MyTestCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC5DCCAcygAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
c3RDQTAeFw0xNzAxMjUwMjIxMTZaFw0xODAxMjUwMjIxMTZaMCcxFDASBgNVBAMM
C21pdHZzLWF0bTAxMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7bqHNpdY1OUstv1EU361/tvsCZigsBy9+xAAkzmEVbUrl
ISOdyvA+oC5oKx2e7otENEAZ6I7D6AqhUsWltqCD5cE8pFipE1VDYchPMSLYH+xT
dYbuGBrEbMw4FYsgpL9WGHFQKkeoNDyJR9McUSmtBi5uQcxmIt+RFs2O6qxwS8pG
32VFwZEncxD4SfPF05pGBaAtV0IHGcw+mRlqHBEwK2qFr1b2FQacCGyv+JFea6ok
TFjKYByZrQCT3l3mlbmZjt+qFNMg4BhA4TWx8zhO5XzG3tiV86G+x8RJUllisKkK
A+dcaMpZ7wr3sz8WrP++UtE1rjDzX6Va3kP6O2YdAgMBAAGjLzAtMAkGA1UdEwQC
MAAwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
CwUAA4IBAQBlfQcXWrd+7f9DVx2BIyVcGHouWDFirwSU5IvvgIYyZFbivgosW9Wd
E7fueBUTkZihWG2KxXesVPIlaNy3851KV+r0/zZ+Frp7VX4FEcP900t+Bgy/w3fZ
9YHiZhGHQriA8YmQOkg/YweHU1GsT8APk3JbuqtyI+RRn5iltbDNGF2ch6me/w9E
0Jv0UJvQVuPqSr0mONCyM6JeDLAkaOHTkNEy++uEar/DWQB6D2hJGj7DxavcA/bL
GPbP0LDU3Vv6pn7i7WNHeye2E2Vq2WEAaacYjiluBpCEnvlCFZXX96jbmnzScJZ2
ZlIo27YDOfze6nuNQ1aqGT1wccIoVnhZ
-----END CERTIFICATE-----
subject=/CN=mitvs-atm01/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
Client Certificate Types: RSA sign
---
SSL handshake has read 1672 bytes and written 2269 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: BD57EFDA3213AA48076CDB95E4EB60A79224B604F3C491CD0BB3D15700A3AC50
Session-ID-ctx:
Master-Key: 08F6E2B22EC7EB1FCBAB99A730F6301732FA56CB83F4E9DB4546DC27591E271A
67C115510EBECFBFDA1BCFE47DF49627
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1485370174
Timeout : 7200 (sec)
Verify return code: 0 (ok)
连接成功后,我根据相应的 .pem 文件在每个客户端和服务器目录中创建了 keycert.p12 文件。
我的客户代码:
_busControl = Bus.Factory.CreateUsingRabbitMq(x =>
{
var host = x.Host(new Uri(_rabbitHost), h =>
{
h.Username(UserName);
h.Password(Password);
h.UseSsl(s =>
{
s.ServerName = SslHostName;
s.CertificatePath = @"client\keycert.p12";
s.CertificatePassphrase = SslPassphrase;
s.Protocol = SslProtocols.Tls;
});
});
x.ReceiveEndpoint(host, _imageExamEndpoint,
e => { e.Consumer<UploadImageExamRequestConsumer>(); });
x.ReceiveEndpoint(host, _worklistEndpoint,
e => { e.Consumer<WorklistRequestConsumer>(); });
});
这在另一台机器上工作正常,但在我们设置的新机器上,我们收到以下错误:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
--- End of inner exception stack trace ---
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
--- End of inner exception stack trace ---
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IList`1 hostnames, String clientProvidedName)
at MassTransit.RabbitMqTransport.Integration.RabbitMqConnectionCache.SendUsingNewConnection(IPipe`1 connectionPipe, ConnectionScope scope, CancellationToken cancellationToken)
Connect failed: admin@mitvs-atm01:5671/
在我的工作版本和我的 non-working 版本之间,唯一 不同的是我的 Erlang.
版本
我将我的 Windows Server 2012 R2 从 Erlang 19.1 升级到 Erlang 19.2,它成功启动并安全监听。
我上周发布了一个问题
在我使用的机器上,我能够正确地启动并 运行。现在,在另一台机器上进行设置,我已经完成了所有操作,但是,当使用 .NET 客户端应用程序连接到 RabbitMq 代理时,它在 pkcs12 文件上失败,说它的格式很糟糕。
我已经重新生成了这个文件几次,确保我分别使用了客户端和服务器 .pem 文件,但仍然无济于事。
在 troubleshooting link here 中所有测试完全通过。
环境:
Erlang 19.1
RabbitMq 3.6.6
Windows Server 2012 R2
我的 RabbitMq 配置文件:
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"C:\rabbitcerts\testca\cacert.pem"},
{certfile,"C:\rabbitcerts\server\cert.pem"},
{keyfile,"C:\rabbitcerts\server\key.pem"},
{depth, 2},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
运行 这个命令:
openssl s_client -connect mitvs-atm01:5671 -tls1 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem
成功结果:
CONNECTED(00000130)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = mitvs-atm01, O = server
verify return:1
---
Certificate chain
0 s:/CN=mitvs-atm01/O=server
i:/CN=MyTestCA
1 s:/CN=MyTestCA
i:/CN=MyTestCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC5DCCAcygAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
c3RDQTAeFw0xNzAxMjUwMjIxMTZaFw0xODAxMjUwMjIxMTZaMCcxFDASBgNVBAMM
C21pdHZzLWF0bTAxMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7bqHNpdY1OUstv1EU361/tvsCZigsBy9+xAAkzmEVbUrl
ISOdyvA+oC5oKx2e7otENEAZ6I7D6AqhUsWltqCD5cE8pFipE1VDYchPMSLYH+xT
dYbuGBrEbMw4FYsgpL9WGHFQKkeoNDyJR9McUSmtBi5uQcxmIt+RFs2O6qxwS8pG
32VFwZEncxD4SfPF05pGBaAtV0IHGcw+mRlqHBEwK2qFr1b2FQacCGyv+JFea6ok
TFjKYByZrQCT3l3mlbmZjt+qFNMg4BhA4TWx8zhO5XzG3tiV86G+x8RJUllisKkK
A+dcaMpZ7wr3sz8WrP++UtE1rjDzX6Va3kP6O2YdAgMBAAGjLzAtMAkGA1UdEwQC
MAAwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
CwUAA4IBAQBlfQcXWrd+7f9DVx2BIyVcGHouWDFirwSU5IvvgIYyZFbivgosW9Wd
E7fueBUTkZihWG2KxXesVPIlaNy3851KV+r0/zZ+Frp7VX4FEcP900t+Bgy/w3fZ
9YHiZhGHQriA8YmQOkg/YweHU1GsT8APk3JbuqtyI+RRn5iltbDNGF2ch6me/w9E
0Jv0UJvQVuPqSr0mONCyM6JeDLAkaOHTkNEy++uEar/DWQB6D2hJGj7DxavcA/bL
GPbP0LDU3Vv6pn7i7WNHeye2E2Vq2WEAaacYjiluBpCEnvlCFZXX96jbmnzScJZ2
ZlIo27YDOfze6nuNQ1aqGT1wccIoVnhZ
-----END CERTIFICATE-----
subject=/CN=mitvs-atm01/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
Client Certificate Types: RSA sign
---
SSL handshake has read 1672 bytes and written 2269 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: BD57EFDA3213AA48076CDB95E4EB60A79224B604F3C491CD0BB3D15700A3AC50
Session-ID-ctx:
Master-Key: 08F6E2B22EC7EB1FCBAB99A730F6301732FA56CB83F4E9DB4546DC27591E271A
67C115510EBECFBFDA1BCFE47DF49627
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1485370174
Timeout : 7200 (sec)
Verify return code: 0 (ok)
连接成功后,我根据相应的 .pem 文件在每个客户端和服务器目录中创建了 keycert.p12 文件。
我的客户代码:
_busControl = Bus.Factory.CreateUsingRabbitMq(x =>
{
var host = x.Host(new Uri(_rabbitHost), h =>
{
h.Username(UserName);
h.Password(Password);
h.UseSsl(s =>
{
s.ServerName = SslHostName;
s.CertificatePath = @"client\keycert.p12";
s.CertificatePassphrase = SslPassphrase;
s.Protocol = SslProtocols.Tls;
});
});
x.ReceiveEndpoint(host, _imageExamEndpoint,
e => { e.Consumer<UploadImageExamRequestConsumer>(); });
x.ReceiveEndpoint(host, _worklistEndpoint,
e => { e.Consumer<WorklistRequestConsumer>(); });
});
这在另一台机器上工作正常,但在我们设置的新机器上,我们收到以下错误:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
--- End of inner exception stack trace ---
at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
--- End of inner exception stack trace ---
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IList`1 hostnames, String clientProvidedName)
at MassTransit.RabbitMqTransport.Integration.RabbitMqConnectionCache.SendUsingNewConnection(IPipe`1 connectionPipe, ConnectionScope scope, CancellationToken cancellationToken)
Connect failed: admin@mitvs-atm01:5671/
在我的工作版本和我的 non-working 版本之间,唯一 不同的是我的 Erlang.
我将我的 Windows Server 2012 R2 从 Erlang 19.1 升级到 Erlang 19.2,它成功启动并安全监听。