我正在尝试连接我的RabbitMQ服务器,该服务器强制使用SSL,并受用户名和密码保护。此前,我已成功从C#、PHP和Python应用程序连接到此服务器。
这是我的node.js代码:
const amqp = require('amqplib');
const fs = require('fs');
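// Connection settings elided by the author; the code below reads
// hostname, port, username, password and certificatePath from it.
const config = { /* ... */ };

// TLS options are handed through to Node's tls.connect(). `ca` replaces the
// default trust store, so it must hold the CA certificate(s) that issued the
// broker's server certificate, including any intermediate the broker does not
// send itself. A "local issuer certificate" failure means the chain presented
// by the server could not be completed to an entry in this list.
const opts = {
  ca: [fs.readFileSync(config.certificatePath)],
};

// Percent-encode the credentials: characters such as '@', ':', '/' or '#' in
// a username or password would otherwise corrupt the URL.
const username = encodeURIComponent(config.username);
const password = encodeURIComponent(config.password);
const url = `amqps://${username}:${password}@${config.hostname}:${config.port}`;

// connect() returns a promise for the open connection.
const open = amqp.connect(url, opts);
open
  .then(function (conn) {
    console.log('connected.');
  })
  // Connection and TLS verification failures are reported here.
  .catch(console.warn);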
我得到的错误是:unable to get local issuer certificate(无法获得本地颁发者证书)
1)错误是什么意思?
2)我需要做什么才能连接?
注意:该库的SSL指南(library's ssl guide)中写道:“(必须)提供一个选项对象,该对象将传递给tls.connect()。”
我无法理解这条说明,而且他们也没有给出使用tls.connect()的示例。我尝试了几种写法但都失败了,也许这能给这里的某个人提供线索。
答案 0 :(得分:0)
您的证书路径已赋给了ca,但您漏掉了cert和key。
// TLS options for amqplib's connect(); the variable names suggest each value
// is a Buffer holding PEM data.
var opts = {};

// Trust anchors used to verify the broker's certificate chain.
opts.ca = [caCertAsBuffer];

// Client certificate and private key. They are presented only when the broker
// asks for a client certificate (mutual TLS) and play no part in verifying
// the broker's own certificate.
opts.cert = certificateAsBuffer;
opts.key = privateKeyAsBuffer;

// Passphrase protecting the private key. Placeholder value: keep the real one
// out of source control.
opts.passphrase = 'MySecretPassword';
您可以找到参考here
答案 1 :(得分:0)
我使用amqplib 0.5.3版本进行了尝试,下面是我可以正常运行的示例src/amqplib-ssl-example.js:
var fs = require('fs')
const path = require('path')
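// TLS options passed to amqplib's connect().
var opts = {
  // Client certificate and private key presented to the broker.
  cert: fs.readFileSync(path.resolve(__dirname, '../ssl/client/client_certificate.pem')),
  key: fs.readFileSync(path.resolve(__dirname, '../ssl/client/private_key.pem')),
  // CA bundle the broker's certificate chain is verified against.
  ca: [fs.readFileSync(path.resolve(__dirname, '../ssl/testca/ca_certificate_bundle.pem'))],
  // Keep verification on. With `false` the `ca` list above is never enforced:
  // any certificate is accepted, so the client cannot tell the real broker
  // from an impostor and would hand its credentials to either. If the
  // handshake then fails, fix the cause instead: the bundle must contain the
  // issuer of the broker's certificate, and that certificate must name the
  // host used in the connection URL.
  rejectUnauthorized: true
}

// Name of the queue used by both the publisher and the consumer.
var q = 'tasks'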
/**
 * Reports a fatal error on stderr and terminates the process.
 * @param {*} err - the error (or any value) to print before exiting
 */
function bail (err) {
  const EXIT_FAILURE = 1
  console.error(err)
  process.exit(EXIT_FAILURE)
}
// Publisher
/**
 * Opens a channel on the connection, declares queue `q` and sends one
 * text message to it.
 * @param {object} conn - open connection as handed to the connect() callback
 */
function publisher (conn) {
  conn.createChannel(function (err, channel) {
    // bail() exits the process, so nothing below runs after a failure.
    if (err !== null && err !== undefined) bail(err)
    channel.assertQueue(q)
    const payload = 'something to do'
    channel.sendToQueue(q, Buffer.from(payload))
    console.log('Publisher: ', payload)
  })
}
// Consumer
/**
 * Opens a channel on the connection, declares queue `q` and prints every
 * message delivered from it, acknowledging each one.
 * @param {object} conn - open connection as handed to the connect() callback
 */
function consumer (conn) {
  conn.createChannel(function (err, channel) {
    // bail() exits the process, so nothing below runs after a failure.
    if (err !== null && err !== undefined) bail(err)
    channel.assertQueue(q)
    channel.consume(q, function (delivery) {
      // The callback can be invoked with null instead of a message; skip it.
      if (delivery === null) return
      console.log('Consumer: ', delivery.content.toString())
      channel.ack(delivery)
    })
  })
}
// Connect over TLS (amqps) with the options above, then start the consumer
// and the publisher on the same connection.
// 'guest:guest' is RabbitMQ's default account, which a stock broker accepts
// from loopback connections only; use a dedicated account and keep its
// password out of the source for anything beyond a local test.
const callbackApi = require('amqplib/callback_api')
callbackApi.connect('amqps://guest:guest@localhost', opts, function (err, conn) {
  if (err !== null && err !== undefined) bail(err)
  consumer(conn)
  publisher(conn)
})
运行这段代码(node src/amqplib-ssl-example.js)时,将显示以下输出:
Publisher: something to do
Consumer: something to do
RabbitMQ服务器记录以下消息,您可以在其中看到通过SSL的连接。
rabbitmq_1 | 2019-03-24 00:05:41.579 [info] <0.431.0> started TLS (SSL) listener on [::]:5671
...
rabbitmq_1 | 2019-03-24 00:23:35.938 [info] <0.518.0> accepting AMQP connection <0.518.0> (192.168.96.1:45014 -> 192.168.96.2:5671)
rabbitmq_1 | 2019-03-24 00:23:35.949 [info] <0.518.0> connection <0.518.0> (192.168.96.1:45014 -> 192.168.96.2:5671): user 'guest' authenticated and granted access to vhost '/'
为供您参考,我按照以下说明手动生成证书以用于本示例:
https://www.rabbitmq.com/ssl.html#manual-certificate-generation