c# - TLS/SSL RABBIT MQ (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..)
Problem description
TLS/SSL set up following these steps:
To create the root CA certificate
- genrsa -des3 -out CA-key.pem 2048
- req -new -key CA-key.pem -x509 -days 1000 -out CA-cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=user/OU=Org/CN=right.xcl.one"
To create and sign a server certificate:
- genrsa -des3 -out server-key.pem 2048
- req -new -config openssl.cnf -key server-key.pem -out signingReq.csr
- x509 -req -days 365 -in signingReq.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out server-cert.pem
Client Certificate :-
- pkcs12 -export -out client-cert.p12 -inkey server-key.pem -in server-cert.pem
Server RabbitMQ Config:-
[
  {rabbit, [
    {auth_mechanisms, ['EXTERNAL']},
    {loopback_users, []},
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,"D:/RabbitMQ/certs/CA-cert.pem"},
                   {certfile,"D:/RabbitMQ/certs/server-cert.pem"},
                   {keyfile,"D:/RabbitMQ/certs/server-key.pem"},
                   {verify,verify_peer},
                   {password, "test"},
                   {fail_if_no_peer_cert, false}]
    }
  ]}
].
In C# Calling from local:-
using System.Net.Security;
using RabbitMQ.Client;

var hostName = "right.xcl.one";
var cf = new ConnectionFactory
{
    HostName = hostName,
    UserName = "user",
    Password = "user",
    VirtualHost = "/",
    // EXTERNAL: authenticate with the TLS client certificate
    AuthMechanisms = new IAuthMechanismFactory[] { new ExternalMechanismFactory() },
    Ssl = new SslOption
    {
        Enabled = true,
        ServerName = "right.xcl.one",
        // Tolerate name mismatch and chain errors on the server certificate
        AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch |
                                 SslPolicyErrors.RemoteCertificateChainErrors,
        CertPath = @"D:\client-cert.p12",
        CertPassphrase = "test",
    }
};
using (IConnection conn = cf.CreateConnection())
{
    // connection is open here
}
OpenSSL> s_client -connect malta1597.startdedicated.com:5671 -cert client-cert.pem -key client-key.pem -CAfile CA-cert.pem -verify 8 -verify_hostname malta1597.startdedicated.com\ -state -debug
verify depth is 8
Enter pass phrase for client-key.pem:
CONNECTED(00000144)
SSL_connect:before SSL initialization
write to 0x1924d107020 [0x1924d1267b0] (330 bytes => 330 (0x14A))
SSL_connect:SSLv3/TLS write client hello
read from 0x1924d107020 [0x1924d11d593] (5 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv3/TLS write client hello
write:errno=10054
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 330 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
read from 0x1924d107020 [0x1924d0fb0a0] (8192 bytes => -1 (0xFFFFFFFF))
error in s_client
OpenSSL>
Authenticated successfully but the error is now:- One or more errors occurred. (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..)
Please help.
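An added example, not part of the original question and not a diagnosis of the error: the certificate steps above as a non-interactive shell script, with a separate key pair for the client instead of reusing the server's, followed by two checks (the chain verifies against the CA, the private key matches the certificate) that can be run before the files are handed to RabbitMQ or the .NET client. File names follow the question; the subjects, the output directory and the PKCS#12 pass phrase are constructed, and keys are left unencrypted so the script needs no prompts.

```shell
#!/bin/sh
# Added example. File names follow the question; subjects, directory and
# the pass phrase "test" are constructed. Keys are unencrypted (-nodes).

make_pki() {  # $1 = output directory
  out=$1; mkdir -p "$out"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$out/CA-key.pem" -out "$out/CA-cert.pem" \
    -subj "/CN=Example Test CA" 2>/dev/null || return 1
  # One key pair per role: server and client each get their own.
  for role in server client; do
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$out/$role-key.pem" -out "$out/$role.csr" \
      -subj "/CN=$role.example.test" 2>/dev/null || return 1
    openssl x509 -req -days 30 -in "$out/$role.csr" \
      -CA "$out/CA-cert.pem" -CAkey "$out/CA-key.pem" -CAcreateserial \
      -out "$out/$role-cert.pem" 2>/dev/null || return 1
  done
  # PKCS#12 bundle for the client, built from the client's own pair.
  openssl pkcs12 -export -out "$out/client-cert.p12" -passout pass:test \
    -inkey "$out/client-key.pem" -in "$out/client-cert.pem"
}

chain_ok() {  # $1 = CA certificate, $2 = leaf certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {  # $1 = private key, $2 = certificate
  # Compare the public key derived from the key file with the one in the cert.
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ "$k" = "$c" ]
}

# Demo run in a temporary directory.
dir=$(mktemp -d) && make_pki "$dir" || exit 1
for role in server client; do
  chain_ok "$dir/CA-cert.pem" "$dir/$role-cert.pem" &&
    key_matches_cert "$dir/$role-key.pem" "$dir/$role-cert.pem" &&
    echo "$role: chain and key OK"
done
rm -rf "$dir"
```

For a pass-phrase-protected key such as the `-des3` keys in the question, `openssl pkey` additionally needs `-passin` to read the key without prompting.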
Solution