windows - 无法使用 pkcs12 文件连接到 RabbitMq Broker

Question

我上周发布了一个问题 here .

在我使用的机器上，我能够正确启动并运行它。现在，在另一台机器上进行设置，我已经完成了所有操作，但是，当使用 .NET 客户端应用程序连接到 RabbitMq 代理时，它在 pkcs12 文件，说它格式错误。

我已经多次重新生成此文件，确保我分别使用客户端和服务器 .pem 文件，但仍然无济于事。

在troubleshooting link here所有测试完全通过。

环境:

Erlang 19.1

RabbitMq 3.6.6

Windows Server 2012 R2

我的 RabbitMq 配置文件:

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"C:\\rabbitcerts\\testca\\cacert.pem"},
                    {certfile,"C:\\rabbitcerts\\server\\cert.pem"},
                    {keyfile,"C:\\rabbitcerts\\server\\key.pem"},
                    {depth, 2},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

运行这个命令:

openssl s_client -connect mitvs-atm01:5671 -tls1 -cert client/cert.pem -key client/key.pem -CAfile testca/cacert.pem

成功的结果:

CONNECTED(00000130)
depth=1 CN = MyTestCA
verify return:1
depth=0 CN = mitvs-atm01, O = server
verify return:1
---
Certificate chain
 0 s:/CN=mitvs-atm01/O=server
   i:/CN=MyTestCA
 1 s:/CN=MyTestCA
   i:/CN=MyTestCA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC5DCCAcygAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhNeVRl
c3RDQTAeFw0xNzAxMjUwMjIxMTZaFw0xODAxMjUwMjIxMTZaMCcxFDASBgNVBAMM
C21pdHZzLWF0bTAxMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7bqHNpdY1OUstv1EU361/tvsCZigsBy9+xAAkzmEVbUrl
ISOdyvA+oC5oKx2e7otENEAZ6I7D6AqhUsWltqCD5cE8pFipE1VDYchPMSLYH+xT
dYbuGBrEbMw4FYsgpL9WGHFQKkeoNDyJR9McUSmtBi5uQcxmIt+RFs2O6qxwS8pG
32VFwZEncxD4SfPF05pGBaAtV0IHGcw+mRlqHBEwK2qFr1b2FQacCGyv+JFea6ok
TFjKYByZrQCT3l3mlbmZjt+qFNMg4BhA4TWx8zhO5XzG3tiV86G+x8RJUllisKkK
A+dcaMpZ7wr3sz8WrP++UtE1rjDzX6Va3kP6O2YdAgMBAAGjLzAtMAkGA1UdEwQC
MAAwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
CwUAA4IBAQBlfQcXWrd+7f9DVx2BIyVcGHouWDFirwSU5IvvgIYyZFbivgosW9Wd
E7fueBUTkZihWG2KxXesVPIlaNy3851KV+r0/zZ+Frp7VX4FEcP900t+Bgy/w3fZ
9YHiZhGHQriA8YmQOkg/YweHU1GsT8APk3JbuqtyI+RRn5iltbDNGF2ch6me/w9E
0Jv0UJvQVuPqSr0mONCyM6JeDLAkaOHTkNEy++uEar/DWQB6D2hJGj7DxavcA/bL
GPbP0LDU3Vv6pn7i7WNHeye2E2Vq2WEAaacYjiluBpCEnvlCFZXX96jbmnzScJZ2
ZlIo27YDOfze6nuNQ1aqGT1wccIoVnhZ
-----END CERTIFICATE-----
subject=/CN=mitvs-atm01/O=server
issuer=/CN=MyTestCA
---
Acceptable client certificate CA names
/CN=MyTestCA
Client Certificate Types: RSA sign
---
SSL handshake has read 1672 bytes and written 2269 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: BD57EFDA3213AA48076CDB95E4EB60A79224B604F3C491CD0BB3D15700A3AC50

    Session-ID-ctx:
    Master-Key: 08F6E2B22EC7EB1FCBAB99A730F6301732FA56CB83F4E9DB4546DC27591E271A
67C115510EBECFBFDA1BCFE47DF49627
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1485370174
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

成功连接后，我根据相应的.pem 文件在每个客户端和服务器目录中创建了keycert.p12 文件。

我的客户端代码:

_busControl = Bus.Factory.CreateUsingRabbitMq(x =>
{
    var host = x.Host(new Uri(_rabbitHost), h =>
    {
        h.Username(UserName);
        h.Password(Password);
        h.UseSsl(s =>
        {
            s.ServerName = SslHostName;
            s.CertificatePath = @"client\keycert.p12";
            s.CertificatePassphrase = SslPassphrase;
            s.Protocol = SslProtocols.Tls;
        });
    });

    x.ReceiveEndpoint(host, _imageExamEndpoint,
        e => { e.Consumer<UploadImageExamRequestConsumer>(); });

    x.ReceiveEndpoint(host, _worklistEndpoint,
        e => { e.Consumer<WorklistRequestConsumer>(); });
});

这在另一台机器上工作正常，但在我们设置的新机器上，我们收到以下错误:

RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The message received was unexpected or badly formatted
   --- End of inner exception stack trace ---
   at RabbitMQ.Client.EndpointResolverExtensions.SelectOne[T](IEndpointResolver resolver, Func`2 selector)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
   --- End of inner exception stack trace ---
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
   at RabbitMQ.Client.ConnectionFactory.CreateConnection(IList`1 hostnames, String clientProvidedName)
   at MassTransit.RabbitMqTransport.Integration.RabbitMqConnectionCache.SendUsingNewConnection(IPipe`1 connectionPipe, ConnectionScope scope, CancellationToken cancellationToken)

Connect failed: admin@mitvs-atm01:5671/

Answer 1

在我的工作版本和非工作版本之间，唯一不同的是我的 Erlang 版本。

我将我的 Windows Server 2012 R2 从 Erlang 19.1 升级到 Erlang 19.2，它成功启动并安全监听。