Following the directions stated here, I have set up a certificate authority and created the rabbitmq.config
with the appropriate fields. However, when I try to connect to the RabbitMQ server with
openssl s_client -connect 127.0.0.1:5671 -tls1
I get the following in standard output:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1449612785
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
and I see the following error in the logs:
=ERROR REPORT==== 8-Dec-2015::16:13:10 ===
Error on AMQP connection <0.257.0>:
{ssl_upgrade_error,
{options,
{cacertfile,"/home/nthompson/learn_celery/testca/cacert.pem",
{error,eacces}}}}
What could be the problem?
I have tried the following, with no success:
Open up the permissions of cacert.pem, i.e., I ran chmod 444 cacert.pem as well as some more hopeless permissions, no dice.
Validated that all intermediate directories have permissions of 775.
Validated that the RabbitMQ server was indeed listening on port 5671, and it was:
$ sudo rabbitmq status
{listeners,[{clustering,25672,"::"},{amqp,5672,"::"},{'amqp/ssl',5671,"::"}]},
Checked all paths in rabbitmq.config, and loosened up the certificate exchange policy by setting {verify,verify_none} and {fail_if_no_peer_cert,false}.
Enabled the use of the rabbitmq_auth_mechanism_ssl plugin via
$ sudo rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl
and verified that it was picked up by rabbitmq-server. In addition, I added {auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL']} to the rabbitmq.config.
RabbitMQ version is 3.5.4 (default apt-get), but I also upgraded to 3.5.6 (latest) to see if this would go away.
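An added diagnostic for the `{error,eacces}` on `cacertfile` in the log above (example code, not part of the original post): it walks every path component from `/` down to the file and reports whether a given account passes the POSIX mode bits at each one. The function names are made up for this example, and it assumes the broker runs under an account other than the file's owner; ACLs and SELinux/AppArmor are not consulted.

```python
import os
import stat
import sys

def class_allows(st, uid, gids, want):
    """POSIX mode check: owner bits, else group bits, else other bits.
    want is 'r' (read a file) or 'x' (search a directory).
    ACLs and SELinux/AppArmor are not consulted."""
    if uid == 0:
        return True  # root bypasses read/search mode bits
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bool(bits & (4 if want == "r" else 1))

def access_chain(path, uid, gids):
    """Return [(component, mode string, allowed)] from / down to the file.
    Every directory needs search (x); the file itself needs read (r)."""
    path = os.path.realpath(path)
    parts, cur = [], path
    while True:
        parts.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    chain = []
    for p in reversed(parts):
        st = os.stat(p)
        want = "r" if p == path else "x"
        chain.append((p, stat.filemode(st.st_mode), class_allows(st, uid, gids, want)))
    return chain

if __name__ == "__main__":
    import pwd
    if len(sys.argv) != 3:
        sys.exit("usage: check_chain.py ACCOUNT /path/to/cacert.pem")
    pw = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for p, mode, ok in access_chain(sys.argv[2], pw.pw_uid, gids):
        print(f"{'ok    ' if ok else 'DENIED'} {mode} {p}")
```

Run it with the account the broker process runs as and the `cacertfile` path from rabbitmq.config; a `DENIED` line marks a component that account cannot pass on mode bits alone.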