RabbitMQ SSL configuration not working - {ssl_upgrade_error,{tls_alert,"certificate unknown"}}

Time: 2016-05-10 19:29:46

Tags: java erlang rabbitmq redhat amqp

I have two servers on which RabbitMQ is running and clustered. I have a CA-signed certificate, and it is configured on both servers. One of the servers is up and running, but the other one gives a "certificate unknown" error.

I am really confused as to why the same set of certificates works on one server and not on the other.

[
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,           "/etc/rabbitmq/certificates/RootCA.crt.pem"},
                   {certfile,             "/etc/rabbitmq/certificates/sserver_cert.pem"},
                   {keyfile,              "/etc/rabbitmq/certificates/server_key.pem"},
                   {depth, 2},
                   {verify, verify_none},
                   {fail_if_no_peer_cert, false}]}
  ]}
].

RabbitMQ and Erlang versions

{erlang_version,
    "Erlang/OTP 17 [erts-6.3] [source] [64-bit] [smp:4:4] [async-threads:30] [kernel-poll:true]\n"},

[{rabbitmq_management,"RabbitMQ Management Console","3.5.3"},
 {rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.5.3"},
 {webmachine,"webmachine","1.10.3-rmq3.5.3-gite9359c7"},
 {mochiweb,"MochiMedia Web Server","2.7.0-rmq3.5.3-git680dba8"},
 {rabbitmq_management_agent,"RabbitMQ Management Agent","3.5.3"},
 {rabbit,"RabbitMQ","3.5.3"},

The error I get on one of the servers:

=ERROR REPORT==== 10-May-2016::20:21:52 ===
SSL: certify: ssl_alert.erl:92:Fatal error: certificate unknown

=ERROR REPORT==== 10-May-2016::20:21:52 ===
Error on AMQP connection <0.27744.2>:
{ssl_upgrade_error,{tls_alert,"unexpected message"}}

=ERROR REPORT==== 10-May-2016::20:21:52 ===
SSL: certify: ssl_alert.erl:92:Fatal error: unexpected message

=ERROR REPORT==== 10-May-2016::20:21:52 ===
Error on AMQP connection <0.27748.2>:
{ssl_upgrade_error,{tls_alert,"unexpected message"}}

=ERROR REPORT==== 10-May-2016::20:21:52 ===
SSL: certify: ssl_alert.erl:92:Fatal error: unexpected message

=ERROR REPORT==== 10-May-2016::20:21:53 ===
Error on AMQP connection <0.27752.2>:
{ssl_upgrade_error,{tls_alert,"certificate unknown"}}

=ERROR REPORT==== 10-May-2016::20:21:53 ===
SSL: certify: ssl_alert.erl:92:Fatal error: certificate unknown
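A preflight check for the three files named in the ssl_options above, added here as an example and not taken from the question or from RabbitMQ itself. It assumes the default paths from the config and, for the live check, a broker reachable as localhost on the 5671 listener.

```shell
#!/bin/sh
# Preflight for the three files the broker loads from ssl_options. Defaults
# are the paths from the rabbitmq.config above; pass arguments to override.
# Exit status: 0 = consistent, 1 = a check failed, 2 = a file is missing.
rabbit_tls_preflight() {
    ca="${1:-/etc/rabbitmq/certificates/RootCA.crt.pem}"
    cert="${2:-/etc/rabbitmq/certificates/sserver_cert.pem}"
    key="${3:-/etc/rabbitmq/certificates/server_key.pem}"

    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done

    # 1. Does keyfile belong to certfile? Compare the SubjectPublicKeyInfo
    #    PEM derived from each side (works for RSA and EC keys alike).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "keyfile does not match certfile" >&2
        return 1
    fi

    # 2. Does certfile chain to cacertfile? A client that trusts this CA but
    #    cannot build a path from the presented certificate to it answers the
    #    handshake with the "certificate unknown" alert seen in the log; with
    #    verify_none on the broker, that alert comes from the client side.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "certfile does not verify against cacertfile" >&2
        return 1
    fi
    echo "ok: key matches cert and cert chains to CA" >&2
    return 0
}

# Live view from the client side against the 5671 listener: prints the
# verify result or the TLS alert exchanged with the broker.
rabbit_tls_handshake() {
    host="${1:-localhost}"
    ca="${2:-/etc/rabbitmq/certificates/RootCA.crt.pem}"
    openssl s_client -connect "$host:5671" -CAfile "$ca" </dev/null 2>&1 \
        | grep -E 'Verify return code|alert'
}
```

Run the preflight on both cluster nodes; the node whose files fail check 2 is the one the clients reject.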

1 answer:

Answer 0: (score: 0)

I have had nothing but pain trying to get Rabbit working with TLS.

As an alternative, we ended up using stunnel (https://www.stunnel.org/index.html) and creating transparent tunnelled connections on the client and server side.

It actually works quite well, and it has the added development advantage that no client code needs to change, only the network address they connect to.