Hello,

I recently installed RabbitMQ and successfully ran some of the tutorials using the .NET client. So far so good. Now I want to enable SSL encryption, but I am having problems following the tutorial.

Server is Windows Server 2008, 64 Bit.
My client is Windows 7 (64 Bit), but in the deployment scenario will be Windows Server 2008, 64 Bit.

What I did so far:

- Installed otp_win64_R15B01.exe

- Installed rabbitmq-server-2.8.2.exe

- Added the rabbitmq.config file to the appdata/RabbitMQ directory with the content as shown in the tutorial (did not change the certificates yet)

When I start the service, the log shows
=INFO REPORT==== 12-Jun-2012::17:26:18 ===
started SSL Listener on [::]:5671

=INFO REPORT==== 12-Jun-2012::17:26:18 ===
started SSL Listener on 0.0.0.0:5671

Now I would like to create my own Certificate Authority and create certificates. The example in the tutorial seems to be using UNIX and does not show where to expect certain executables (e.g. openssl). I cannot find the file when I am searching for it on my server. Also certain UNIX commands are not available in Windows and I am not sure if they are required under windows or what the equivalent is (chmod, touch).

Could somebody please shed some light on what is missing? Do I need to install anything else? The tutorial is mentioning certain extra steps for Erlang R13B, but I am using R15B so I can ignore these steps?

Thanks for any help,
Wolfgang

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120612/1721c0a9/attachment.htm>

Search Discussions

  • Michael Demir at Jun 12, 2012 at 11:01 pm
    Did you try installing openSSL package? The 64 Bit package can be downloaded from http://www.slproweb.com/products/Win32OpenSSL.html?



    From: rabbitmq-discuss-bounces at lists.rabbitmq.com [mailto:rabbitmq-discuss-bounces at lists.rabbitmq.com] On Behalf Of Wiessler, Wolfgang
    Sent: Tuesday, June 12, 2012 11:15 AM
    To: rabbitmq-discuss at lists.rabbitmq.com
    Subject: [rabbitmq-discuss] Help with the SSL tutorial on Windows Server 2008

    Hello,

    I recently installed RabbitMQ and successfully ran some of the tutorials using the .NET client. So far so good. Now I want to enable SSL encryption, but I am having problems following the tutorial.

    Server is Windows Server 2008, 64 Bit.
    My client is Windows 7 (64 Bit), but in the deployment scenario will be Windows Server 2008, 64 Bit.

    What I did so far:

    - Installed otp_win64_R15B01.exe

    - Installed rabbitmq-server-2.8.2.exe

    - Added the rabbitmq.config file to the appdata/RabbitMQ directory with the content as shown in the tutorial (did not change the certificates yet)

    When I start the service, the log shows
    =INFO REPORT==== 12-Jun-2012::17:26:18 ===
    started SSL Listener on [::]:5671

    =INFO REPORT==== 12-Jun-2012::17:26:18 ===
    started SSL Listener on 0.0.0.0:5671

    Now I would like to create my own Certificate Authority and create certificates. The example in the tutorial seems to be using UNIX and does not show where to expect certain executables (e.g. openssl). I cannot find the file when I am searching for it on my server. Also certain UNIX commands are not available in Windows and I am not sure if they are required under windows or what the equivalent is (chmod, touch).

    Could somebody please shed some light on what is missing? Do I need to install anything else? The tutorial is mentioning certain extra steps for Erlang R13B, but I am using R15B so I can ignore these steps?

    Thanks for any help,
    Wolfgang

    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120612/076db211/attachment.htm>
  • Emile Joubert at Jun 13, 2012 at 8:54 am
    Hi Wolfgang,
    On 12/06/12 17:15, Wiessler, Wolfgang wrote:
    Now I would like to create my own Certificate Authority and create
    certificates. The example in the tutorial seems to be using UNIX and
    does not show where to expect certain executables (e.g. openssl). I
    cannot find the file when I am searching for it on my server. Also
    certain UNIX commands are not available in Windows and I am not sure if
    they are required under windows or what the equivalent is (chmod, touch).
    If you wish to follow the steps verbatim on Windows then install Cygwin.
    The examples assume that you have the OpenSSL binaries and utilities on
    your PATH. You can do the same on WINDOWS.
    Could somebody please shed some light on what is missing? Do I need to
    install anything else? The tutorial is mentioning certain extra steps
    for Erlang R13B, but I am using R15B so I can ignore these steps?
    You don't have to use OpenSSL. If you have your own PKI then feel free
    to use that. You will need to refer to the documentation of your PKI
    provider and ensure that certificates and keys are in the correct format.

    If you choose to use OpenSSL for creating and signing certificates then
    you will need to install it first. See
    http://www.openssl.org/related/binaries.html

    On average later versions of Erlang have fewer SSL bugs than earlier
    versions. Using R15B (or later) should be fine.



    -Emile
  • Wiessler, Wolfgang at Jun 13, 2012 at 10:00 am
    Thanks Emile and Michael for you help. I installed OpenSSL (the 32 Bit version on the 64 Bit Windows as stated in the tutorial). I successfully generated the certificates according to the tutorial. But now I am running into a problem when starting the RabbitMQ Service. It terminates right away without any specific error. In the event viewer "System" log, I get the following error:

    --------
    RabbitMQ: Erlang machine stopped instantly (distribution name conflict?). The service is not restarted as OnFail is set to ignore.
    --------

    My config file looks like this (the paths are correct):
    [
    {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [{cacertfile,C:/Messaging/testca/cacert.pem},
    {certfile,C:/Messaging/server/cert.pem},
    {keyfile,C:/Messaging/server/key.pem},
    {verify,verify_peer},
    {fail_if_no_peer_cert,false}]}
    ]}
    ].

    I cannot find any more details on this error. The log file is empty. Any idea what might cause this? Are the generated certificates incorrect? Surprisingly, the service starts fine if I replace the values with invalid dummy entries.

    -Wolfgang



    -----Original Message-----
    From: Emile Joubert [mailto:emile at rabbitmq.com]
    Sent: Mittwoch, 13. Juni 2012 10:55
    To: Wiessler, Wolfgang
    Cc: rabbitmq-discuss at lists.rabbitmq.com
    Subject: Re: [rabbitmq-discuss] Help with the SSL tutorial on Windows Server 2008

    Hi Wolfgang,
    On 12/06/12 17:15, Wiessler, Wolfgang wrote:
    Now I would like to create my own Certificate Authority and create
    certificates. The example in the tutorial seems to be using UNIX and
    does not show where to expect certain executables (e.g. openssl). I
    cannot find the file when I am searching for it on my server. Also
    certain UNIX commands are not available in Windows and I am not sure
    if they are required under windows or what the equivalent is (chmod, touch).
    If you wish to follow the steps verbatim on Windows then install Cygwin.
    The examples assume that you have the OpenSSL binaries and utilities on your PATH. You can do the same on WINDOWS.
    Could somebody please shed some light on what is missing? Do I need to
    install anything else? The tutorial is mentioning certain extra steps
    for Erlang R13B, but I am using R15B so I can ignore these steps?
    You don't have to use OpenSSL. If you have your own PKI then feel free to use that. You will need to refer to the documentation of your PKI provider and ensure that certificates and keys are in the correct format.

    If you choose to use OpenSSL for creating and signing certificates then you will need to install it first. See http://www.openssl.org/related/binaries.html

    On average later versions of Erlang have fewer SSL bugs than earlier versions. Using R15B (or later) should be fine.



    -Emile
  • Emile Joubert at Jun 13, 2012 at 10:33 am

    On 13/06/12 11:00, Wiessler, Wolfgang wrote:

    {ssl_options, [{cacertfile,C:/Messaging/testca/cacert.pem},
    You need to add quotes around the paths.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprabbitmq-discuss @
categoriesrabbitmq
postedJun 12, '12 at 4:15p
activeJun 13, '12 at 10:33a
posts5
users3
websiterabbitmq.com
irc#rabbitmq

People

Translate

site design / logo © 2022 Grokbase