RabbitMQ + C# + SSL [英] RabbitMQ + C# + SSL
问题描述
我正在尝试使用 C# 让 RabbitMQ 3.6.2 在 Windows 7 上针对 Erlang 18.0 使用 SSL/TLS.在我的 C# 代码中启用 SSL 时遇到错误.我已经完成了设置 SSL/TLS 的步骤这里.我还完成了显示成功的 [疑难解答步骤][2](除了由于缺乏 stunnel 知识而无法执行 stunnel 步骤).这是我尝试连接到 RabbitMQ 的 C# 代码:
I'm trying to use C# to get RabbitMQ 3.6.2 to use SSL/TLS on Windows 7 against Erlang 18.0. I'm running into errors when I'm enabling SSL in my C# code. I have gone through the steps to set up SSL/TLS here. I've also gone through the [troubleshooting steps][2] which show turn up successful (except I couldn't do the stunnel step due to lack of knowledge of stunnel). Here's my C# code trying to connect to RabbitMQ:
var factory = new ConnectionFactory()
{
// NOTE: guest username ONLY works with HostName "localhost"!
//HostName = Environment.MachineName,
HostName = "localhost",
UserName = "guest",
Password = "guest",
};
// Without this line, RabbitMQ.log shows error: "SSL: hello: tls_handshake.erl:174:Fatal error: protocol version"
// When I add this line to go to TLS 1.2, .NET throws an exception: The remote certificate is invalid according to the validation procedure.
// https://stackoverflow.com/questions/9983265/the-remote-certificate-is-invalid-according-to-the-validation-procedure:
// Walked through this tutorial to add the client certificate as a Windows Trusted Root Certificate: http://www.sqlservermart.com/HowTo/Windows_Import_Certificate.aspx
factory.Ssl.Version = SslProtocols.Tls12;
factory.Ssl.ServerName = "localhost"; //System.Net.Dns.GetHostName();
factory.Ssl.CertPath = @"C:OpenSSL-Win64clientkeycert.p12";
factory.Ssl.CertPassphrase = "Re$sp3cMyS3curi1ae!";
factory.Ssl.Enabled = true;
factory.Port = 5671;
// Error: "The remote certificate is invalid according to the validation procedure."
using (var connection = factory.CreateConnection())
{
}
有一个 StackOverflow 帖子关于根据验证程序,远程证书无效."异常,但是由于从未调用过建议的回调方法,因此 hack 修复似乎没有生效.我认为我已将通过 OpenSSL 生成的证书添加到本地计算机的 Windows 受信任的根证书颁发机构证书列表中.所以我在这里不知所措.关于如何进行的任何想法?
There's a StackOverflow post regarding the "The remote certificate is invalid according to the validation procedure." exception, but the hack fix doesn't seem to take effect as the callback method suggested is never called. I think that I've added my certificate generated via OpenSSL to the Windows Trusted Root Certification Authorities certificates list for local computer. So I'm at a loss here. Any ideas on how to proceed?
以下是努力在 Rabbit 上实现 SSL 的任何人的最终工作代码:
Here's the final working code for anyone struggling to implement SSL on Rabbit:
var factory = new ConnectionFactory();
factory.HostName = ConfigurationManager.AppSettings["rabbitmqHostName"];
factory.AuthMechanisms = new AuthMechanismFactory[] { new ExternalMechanismFactory() };
// Note: This should NEVER be "localhost"
factory.Ssl.ServerName = ConfigurationManager.AppSettings["rabbitmqServerName"];
// Path to my .p12 file.
factory.Ssl.CertPath = ConfigurationManager.AppSettings["certificateFilePath"];
// Passphrase for the certificate file - set through OpenSSL
factory.Ssl.CertPassphrase = ConfigurationManager.AppSettings["certificatePassphrase"];
factory.Ssl.Enabled = true;
// Make sure TLS 1.2 is supported & enabled by your operating system
factory.Ssl.Version = SslProtocols.Tls12;
// This is the default RabbitMQ secure port
factory.Port = 5671;
factory.VirtualHost = "/";
// Standard RabbitMQ authentication (if not using ExternalAuthenticationFactory)
//factory.UserName = ConfigurationManager.AppSettings["rabbitmqUsername"];
//factory.Password = ConfigurationManager.AppSettings["rabbitmqPassword"];
using (var connection = factory.CreateConnection())
{
using (var channel = connection.CreateModel())
{
// publish some messages...
}
}
谢谢,
安迪
推荐答案
通常的问题是您在 Ssl.ServerName 中提供的内容与颁发的主机 SSL 证书不匹配.
Usual problem is mismatch between what you provide in Ssl.ServerName and host SSL certificate was issued for.
另请注意,服务器端 SSL(客户端和服务器之间的加密连接)和使用证书的客户端身份验证(您向服务器提供确认您拥有所需证书的信息)是两件不同的事情.通过提供 Ssl.CertPath,您打算在服务器上使用此证书进行授权,这可能是您想要的,也可能不是您想要的.
Also note that server-side SSL (encrypted connection between your client and server) and client-side authentication with certificate (you provide server with information which confirms that you have certificate it expects) are two different things. By providing Ssl.CertPath you intent to authorize at server using this certificate, which might or might not be what you want.
这篇关于RabbitMQ + C# + SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
