RabbitMQ MQTT SSL connection fails

melanka.w 2018-09-27 04:40:09 UTC #1

IMPORTANT, please fill the questions

We assume you are using Bitnami to deploy your application.

Which version of the application are you using?:
RABBITMQ 3.7.3 Erlang 20.1
Please choose how you got the application: Installer (Windows, Linux, macOS), cloud image (AWS, GCE, Azure, ...) or VM (VMDK, VBOX):
GCE
Have you installed any plugin or modified any configuration file?:
Yes, MQTT
Describe here your question/suggestion/issue (expected and actual results):

I am trying to set up a RabbitMQ server with mqtt and amqp connections. I have opened mqtt tcp connection on port 1883 and mqtt ssl connection on port 8883. TLS and SSL listners are successfully opened as the log. I am using mqttBox as the client and I can successfully connect to port 1883 using tcp. But I am unable to connect to port 8883 using TLS/SSL.

Here is my config file.

[
 {rabbit,
  [
   {tcp_listeners, [{"127.0.0.1", 5672}, {"::1", 5672}]},
   {default_vhost, <<"/">>},
   {default_user, <<"user">>},
   {default_pass, <<"bitnami">>},    
   {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},

   {ssl_options, [{cacertfile,  "/opt/bitnami/rabbitmq/tls/result/ca_certificate.pem"},
                {certfile,   "/opt/bitnami/rabbitmq/tls/result/server_certificate.pem"},
                {keyfile,    "/opt/bitnami/rabbitmq/tls/result/server_key.pem"},
  %%                  {password,""},
                {verify,     verify_peer},
                {fail_if_no_peer_cert, true}]}
  %%     {ssl_listeners, [5671]}

  ]
  },
  {kernel, []},
  {rabbitmq_management,
  [
   {listener, [{port, 15672}, {ip, "0.0.0.0"}]}
  ]
 },
 {rabbitmq_shovel,
  [
   {shovels, []}
  ]
 },
 {rabbitmq_stomp, []},
 {rabbitmq_mqtt, [{ssl_cert_login, true}, {allow_anonymous, false} , 
  {ssl_listeners,    [8883]}, {tcp_listeners,    [1883]}]},
  {rabbitmq_amqp1_0, []},
  {rabbitmq_auth_backend_ldap, []},
  {rabbit, [{vm_memory_high_watermark, 0.6}]
 }
].

And my log file.

started MQTT TCP Listener on [::]:1883
started MQTT SSL Listener on [::]:8883
started TCP Listener on [::]:5672
started SSL Listener on [::]:5671


<0.13639.4> MQTT vhost picked using plugin configuration or default

TCP connection successful

<0.13639.4> accepting MQTT connection <0.13639.4> (123.231.123.82:54601 -> 10.128.0.5:1883)

TLS connection failed

 <0.13639.4> MQTT detected network error for "123.231.123.82:54601 -> 10.128.0.5:1883": peer closed TCP connection

It seems both tcp and tls requests are headed to 10.128.0.5:1883.

How can I fix this?

michiel 2018-09-27 10:41:58 UTC #2

Hi @melanka.w,

A colleague will reply soon with further information regarding this issue.

Best regards,

Michiel D'Hont

Please, click on if you think my answer was helpful

jsalmeron 2018-09-28 08:36:21 UTC #3

Hi,

Could you let us know which documentation you followed in order to enable SSL in RabbitMQ?

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

melanka.w 2018-09-28 09:50:30 UTC #4

Hi,

I followed this documentations.
1. https://www.rabbitmq.com/mqtt.html#tls
2. http://www.rabbitmq.com/ssl.html

BR,
Sachith

jsalmeron 2018-10-02 08:23:32 UTC #5

Hi,

Sorry, I am no expert in RabbitMQ so I need you to let me know how you configured the MQTTBox client configuration. I am getting a different error, and I think it is because I did not configure the client correctly.

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

melanka.w 2018-10-02 08:44:02 UTC #6

Hi,

I have attached the configurations.

BR,
Sachith
.

jsalmeron 2018-10-03 08:55:07 UTC #7

Hi,

I was able to connect through the TCP port, just like you. Regarding the SSL connection, I am unable to connect but I don't see any response from the server. I tried using the mosquitto_pub but it seems there is an issue with the CA. Could you try using the mosquitto_pub and see if the same error occurs?

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

melanka.w 2018-10-03 11:09:46 UTC #8

Hi,
I connected using SSL certificates and mosquitto_pub. I got the following error.
TLS server: In state certify received CLIENT ALERT: Fatal - Internal Error

I also think there is an error with certificates. But I generated certificates using [1].

[1] https://github.com/michaelklishin/tls-gen

BR,
Sachith

jsalmeron 2018-10-04 09:22:22 UTC #9

Could you try creating the certificates using, for example, OpenSSL or the Cloudflare SSL Toolkit?

gist.github.com

https://gist.github.com/Soarez/9688998

ca.md


# How to setup your own CA with OpenSSL

For educational reasons I've decided to create my own CA.
Here is what I learned.

# First things first

Lets get some context first.

This file has been truncated. show original

Hope it helps

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

system 2018-10-18 09:22:42 UTC #10

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!