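I am using Windows Server 2019 Standard 1809 Build 17763.2803.
I first installed Erlang 26.0 (otp_win64_26.0.exe). I added Handle.exe to the path. I also added ERLANG_HOME (value C:\Program Files\Erlang OTP).
Then I installed RabbitMQ 3.12.1 (rabbitmq-server-3.12.1.exe). I have successfully connected to port 5672 using the RabbitMQ .NET client from NuGet (client 6.2.1).
Then I created the server certificate with tls-gen: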
make PASSWORD=12345678 CN=machine.domain.local DAYS_OF_VALIDITY=3650 NUMBER_OF_PRIVATE_KEY_BITS=2048 CLIENT_ALT_NAME=machine.domain.local
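I installed cacert.cer from tls-gen\basic\testca.
Then I take the server certificate, the key and ca_certificate.pem from tls-gen\basic\result and configure them. I tried adding the password and removing it, among other things, but for example: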
[{rabbit,
[
{log_levels, [{connection, debug}, {queue, debug}]},
{log,
[
{file,
[
{level, debug}
]
},
{categories,
[
{connection,[{level, debug}]},
{queue, [{level, debug}]},
{console, [{enabled, true},{level, debug}]}
]
}
]
},
{ssl_listeners, [5671]},
{ssl_options,
[
{cacertfile, "C:\\Program Files\\RabbitMQ Server\\rabbitmq_server-3.12.1\\certs\\ca_certificate.pem"},
{certfile, "C:\\Program Files\\RabbitMQ Server\\rabbitmq_server-3.12.1\\certs\\server_certificate.pem"},
{keyfile, "C:\\Program Files\\RabbitMQ Server\\rabbitmq_server-3.12.1\\certs\\server_key.pem"},
{password, "12345678"}
]
}
]
}].
The client cannot connect to RabbitMQ over TLS. It throws an exception:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
---> System.AggregateException: One or more errors occurred. (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..)
---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
I can see that RabbitMQ is listening on the port, but I cannot connect to it:
2023-06-30 18:47:28.888000+03:00 [info] <0.692.0> started TLS (SSL) listener on [::]:5671
2023-06-30 18:47:28.888000+03:00 [info] <0.712.0> started TLS (SSL) listener on 0.0.0.0:5671
2023-06-30 18:47:28.935000+03:00 [debug] <0.543.0> Plugins discovery: ignoring getopt, not a RabbitMQ plugin
2023-06-30 18:47:28.935000+03:00 [debug] <0.543.0> Plugins discovery: ignoring quantile_estimator, not a RabbitMQ plugin
2023-06-30 18:47:28.997000+03:00 [debug] <0.543.0> Plugins discovery: ignoring getopt, not a RabbitMQ plugin
2023-06-30 18:47:28.997000+03:00 [debug] <0.543.0> Plugins discovery: ignoring quantile_estimator, not a RabbitMQ plugin
2023-06-30 18:47:29.029000+03:00 [info] <0.543.0> Server startup complete; 3 plugins started.
2023-06-30 18:47:29.029000+03:00 [info] <0.543.0> * rabbitmq_management
2023-06-30 18:47:29.029000+03:00 [info] <0.543.0> * rabbitmq_web_dispatch
2023-06-30 18:47:29.029000+03:00 [info] <0.543.0> * rabbitmq_management_agent
2023-06-30 18:47:29.029000+03:00 [debug] <0.543.0> Marking RabbitMQ as running
2023-06-30 18:47:29.029000+03:00 [debug] <0.543.0> Change boot state to `ready`
2023-06-30 18:47:29.029000+03:00 [debug] <0.148.0> Boot state/systemd: notifying of state `ready`
2023-06-30 18:47:29.232000+03:00 [debug] <0.9.0> Time to start RabbitMQ: 5793485 us
2023-06-30 18:47:35.164000+03:00 [debug] <0.719.0> Plugins discovery: ignoring getopt, not a RabbitMQ plugin
2023-06-30 18:47:35.164000+03:00 [debug] <0.719.0> Plugins discovery: ignoring quantile_estimator, not a RabbitMQ plugin
2023-06-30 18:48:13.260000+03:00 [notice] <0.724.0> TLS server: In state hello at tls_handshake.erl:354 generated SERVER ALERT: Fatal - Insufficient Security
2023-06-30 18:48:13.260000+03:00 [notice] <0.724.0> - no_suitable_ciphers
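On the server, I have disabled all old TLS versions. Only TLSv1.2 is active, and I cannot support TLSv1.3 at the moment. I have enabled all possible cipher suites using IISCrypto. I am not sure whether the problem is in the TLS handshake, because the client and server are trying to negotiate something they cannot negotiate, or whether the certificate is invalid (tls-gen says the certificate is valid). I have done this several times on Windows Server 2012 without any problems. I even tried copying certificates that work fine from another machine, but I keep getting the error.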
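
An added example, not part of the original question and not RabbitMQ's own code: a small Python parser that pulls TLS handshake alerts such as the one in the log above out of a RabbitMQ log and joins each alert with the reason line that the same Erlang process logs right after it. The function names and the assumed "- reason" shape of the follow-up line are this example's own; the sample lines are copied from the log in the question.

```python
import re
from collections import Counter

# Sample input: lines copied from the log in the question (last two are the alert).
SAMPLE_LOG = """\
2023-06-30 18:47:28.888000+03:00 [info] <0.712.0> started TLS (SSL) listener on 0.0.0.0:5671
2023-06-30 18:47:29.029000+03:00 [info] <0.543.0> Server startup complete; 3 plugins started.
2023-06-30 18:48:13.260000+03:00 [notice] <0.724.0> TLS server: In state hello at tls_handshake.erl:354 generated SERVER ALERT: Fatal - Insufficient Security
2023-06-30 18:48:13.260000+03:00 [notice] <0.724.0> - no_suitable_ciphers
"""

# Assumption: every line is "<date> <time> [level] <pid> message", as in the sample.
LINE = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<level>\w+)\] (?P<pid><[\d.]+>) (?P<msg>.*)$")
ALERT = re.compile(
    r"TLS (?P<role>server|client): In state (?P<state>\w+) at (?P<where>\S+) "
    r"generated (?:SERVER|CLIENT) ALERT: (?P<severity>\w+) - (?P<alert>.+)$"
)
REASON = re.compile(r"^\s*-\s+(?P<reason>\S.*)$")


def parse_tls_alerts(text):
    """Return one dict per TLS alert, with the reason from its continuation line."""
    alerts, pending = [], {}  # pending: pid -> alert still waiting for a reason line
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        a = ALERT.search(msg)
        r = REASON.match(msg)
        if a:
            rec = {"ts": m["ts"], "pid": pid, "reason": None, **a.groupdict()}
            alerts.append(rec)
            pending[pid] = rec
        elif r and pid in pending:
            pending.pop(pid)["reason"] = r["reason"].strip()
        else:
            pending.pop(pid, None)  # unrelated line from this pid ends the alert
    return alerts


def summarize(alerts):
    """Count alerts by (handshake state, alert description, reason)."""
    return Counter((a["state"], a["alert"], a["reason"]) for a in alerts)


if __name__ == "__main__":
    for key, n in summarize(parse_tls_alerts(SAMPLE_LOG)).items():
        print(n, *key)
```

Grouping by handshake state and reason separates failures raised during the hello exchange, like this one, from failures raised at later handshake states.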