Client communication to RabbitMQ fails using SSL Peer Verification

Problem description

I am facing a weird situation in communication with RabbitMQ from a client. The following are the details: RabbitMQ is running on an Azure AKS cluster (containerized), exposed over the internet. Traffic is routed to RabbitMQ using Azure Traffic Manager (custom domain). RabbitMQ is configured to support SSL, and Peer Verification is set to true. An internal (organization) server certificate is configured in the RabbitMQ config file.

RabbitMQ Version 3.7.8

The client is deployed on BizTalk - Azure Virtual Machine. A custom adapter is built using .NET to support the connection configuration on the BizTalk server, the client certificate is installed on the server, and SSL configuration is done using the client cert thumbprint. When the BizTalk client (written in .NET) tried to establish a connection with the Rabbit host, the server refused to connect, stating that the connection was forcefully closed by the server. We don't see much information in the debug logs.

We even tried capturing a TCPDUMP, but it was not much help since Rabbit is running in a container. However, there is a catch: to find out what is happening around the client and the Rabbit server, I built a small RabbitMQ client tool, written in .NET, to verify the SSL connection, and it works like a charm.

I need your help to find out the possible cause of the failure from the client running on the BizTalk server.

Please note that the non-SSL connection works perfectly fine.

Recommended answer

Go through the TLS troubleshooting guide (link), which will help you find the problem. As suggested in a previous answer, it could be that RabbitMQ is only supporting TLS 1.2, which is not enabled in .NET.

Also, you can enable TLS 1.1 in RabbitMQ (link) if you see it is not enabled in RabbitMQ, which has a high probability.
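One way to test the TLS-version hypothesis from the answer is a small handshake probe run from the client machine. This is an added example, not code from the original post; the host name, port 5671, the `LocalMachine\My` store and the thumbprint are placeholder assumptions.

```csharp
// Added diagnostic example, not code from the original post. Host, Port and Thumbprint are placeholders.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
static class TlsProbe
{
    const string Host = "rabbitmq.example.com";            // placeholder; must match the server certificate name
    const int Port = 5671;                                 // assumed AMQPS listener port
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";  // placeholder
    static void Main()
    {
        // Load the client certificate by thumbprint (assumed store: LocalMachine\My).
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
        store.Close();
        Console.WriteLine("client certs found: {0}", certs.Count);
        foreach (X509Certificate2 c in certs)
            Console.WriteLine("  {0} (private key available: {1})", c.Subject, c.HasPrivateKey);
        // One handshake per protocol version, so a version mismatch shows up as a per-version failure.
        foreach (var proto in new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12 })
        {
            try
            {
                using (var tcp = new TcpClient(Host, Port))
                using (var ssl = new SslStream(tcp.GetStream(), false, LogServerCert))
                {
                    ssl.AuthenticateAsClient(Host, certs, proto, false);
                    Console.WriteLine("{0}: handshake OK, negotiated {1}", proto, ssl.SslProtocol);
                }
            }
            catch (Exception ex) // AuthenticationException, IOException or SocketException
            {
                Console.WriteLine("{0}: FAILED ({1}): {2}", proto, ex.GetType().Name, ex.Message);
            }
        }
    }
    // Print the server certificate and any chain/name errors; validation stays strict.
    static bool LogServerCert(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("  server cert: {0}; policy errors: {1}", cert == null ? "(none)" : cert.Subject, errors);
        return errors == SslPolicyErrors.None;
    }
}
```

Run it on the BizTalk VM so it uses the same certificate store and network path as the adapter.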
