我正在尝试使用C#让RabbitMQ 3.6.2在Windows 7上针对Erlang 18.0使用SSL/TLS.当我在C#代码中启用SSL时,我遇到了错误.我已经通过建立SSL/TLS的步骤了这里.我也经历了[故障排除步骤] [2],显示出成功(除了由于缺乏对stunnel的了解而无法完成stunnel步骤).这是我的C#代码试图连接到RabbitMQ:
var factory = new ConnectionFactory()
{
// NOTE: guest username ONLY works with HostName "localhost"!
//HostName = Environment.MachineName,
HostName = "localhost",
UserName = "guest",
Password = "guest",
};
// Without this line, RabbitMQ.log shows error: "SSL: hello: tls_handshake.erl:174:Fatal error: protocol version"
// When I add this line to go to TLS 1.2, .NET throws an exception: The remote certificate is invalid according to the validation procedure.
// https://stackoverflow.com/questions/9983265/the-remote-certificate-is-invalid-according-to-the-validation-procedure:
// Walked through this tutorial to add the client certificate as a Windows Trusted Root Certificate: http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx
factory.Ssl.Version = SslProtocols.Tls12;
factory.Ssl.ServerName = "localhost"; //System.Net.Dns.GetHostName();
factory.Ssl.CertPath = @"C:\OpenSSL-Win64\client\keycert.p12";
factory.Ssl.CertPassphrase = "Re$sp3cMyS3curi1ae!";
factory.Ssl.Enabled = true;
factory.Port = 5671;
// Error: "The remote certificate is invalid according to the validation procedure."
using (var connection = factory.CreateConnection())
{
}
有关于"根据验证程序,远程证书无效"的StackOverflow帖子.异常,但黑客修复似乎没有生效,因为建议的回调方法永远不会被调用.我认为我已将通过OpenSSL生成的证书添加到本地计算机的Windows受信任的根证书颁发机构证书列表中.所以我在这里不知所措.关于如何进行的任何想法?
编辑:这是任何努力在Rabbit上实现SSL的人的最终工作代码:
var factory = new ConnectionFactory();
factory.HostName = ConfigurationManager.AppSettings["rabbitmqHostName"];
factory.AuthMechanisms = new AuthMechanismFactory[] { new ExternalMechanismFactory() };
// Note: This should NEVER be "localhost"
factory.Ssl.ServerName = ConfigurationManager.AppSettings["rabbitmqServerName"];
// Path to my .p12 file.
factory.Ssl.CertPath = ConfigurationManager.AppSettings["certificateFilePath"];
// Passphrase for the certificate file - set through OpenSSL
factory.Ssl.CertPassphrase = ConfigurationManager.AppSettings["certificatePassphrase"];
factory.Ssl.Enabled = true;
// Make sure TLS 1.2 is supported & enabled by your operating system
factory.Ssl.Version = SslProtocols.Tls12;
// This is the default RabbitMQ secure port
factory.Port = 5671;
factory.VirtualHost = "/";
// Standard RabbitMQ authentication (if not using ExternalAuthenticationFactory)
//factory.UserName = ConfigurationManager.AppSettings["rabbitmqUsername"];
//factory.Password = ConfigurationManager.AppSettings["rabbitmqPassword"];
using (var connection = factory.CreateConnection())
{
using (var channel = connection.CreateModel())
{
// publish some messages...
}
}
谢谢,
安迪
通常的问题是您提供的内容Ssl.ServerName与颁发的主机SSL证书之间不匹配。
还要注意,服务器端SSL(客户端和服务器之间的加密连接)和带有证书的客户端身份验证(您向服务器提供确认您拥有期望的证书的信息)是两件不同的事情。通过向Ssl.CertPath您提供使用该证书在服务器上进行授权的意图,这可能是您想要的,也可能不是。
| 归档时间: |
|
| 查看次数: |
4941 次 |
| 最近记录: |