我正在尝试使用RabbitMQ的SSL证书,但我不断与代理获得握手错误.
在单独的终端窗口中使用openssl的's_client'和's_server'命令并使用端口8443时,我生成的证书工作正常,详见SSL故障排除指南(http://www.rabbitmq.com/troubleshooting-ssl. HTML).
当我尝试使用相同的openssl's_client'命令连接到RabbitMQ SSL端口5671时,会出现问题:
运行这个:
openssl s_client -connect localhost:5671 -cert /etc/rabbitmq/ssl/client/cert.pem -key /etc/rabbitmq/ssl/client/key.pem -CAfile /etc/rabbitmq/ssl/certificate_auth/cacert.pem
产生这个:
CONNECTED(00000003)
depth=1 CN = RMQCA
verify return:1
depth=0 CN = roger.xxxxxx.com, O = server
verify return:1
139997248210760:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40
139997248210760:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
SSL侦听器启动正常,如RabbitMQ日志中所示:
=INFO REPORT==== 19-May-2014::15:45:34 ===
started TCP Listener on [::]:5672
=INFO REPORT==== 19-May-2014::15:45:34 ===
started SSL Listener on [::]:5671
尝试使用"s_client"连接到端口5671时,会出现错误:
=INFO REPORT==== 19-May-2014::17:20:39 ===
accepting AMQP connection <0.3263.0> ([::1]:58538 -> [::1]:5671)
=ERROR …