<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">I am trying to configure SSL for connections to my RabbitMQ broker. I realize that this is not the RabbitMQ mailing list, but I think that my problem is related specifically to Erlang's SSL implementation. I was able to get it working with a certificate/key pair created directly with OpenSSL; however, when I converted a certificate made with makecert.exe to PEM format and try to use that, the client fails to connect and the server logs an ssl_upgrade_failure. It seems that there is something about my certificate that Erlang doesn't like.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">I am using Erlang R16B.</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">
Here is my certificate:</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">-----BEGIN CERTIFICATE-----</div><div style="font-family:arial,sans-serif;font-size:13px">
MIIDTzCCAjugAwIBAgIQYuux7Ob2BL5PUnDLgT/igTAJBgUrDgMCHQUAMCgxJjAk</div><div style="font-family:arial,sans-serif;font-size:13px">BgNVBAMTHUVsbGtheSBTdGFnaW5nIFJvb3QgQXV0aG9yaXR5MB4XDTEyMDgxNTE1</div><div style="font-family:arial,sans-serif;font-size:13px">
MTMzN1oXDTM5MTIzMTIzNTk1OVowMzExMC8GA1UEAx4oACoALgBsAGsAYwBsAG8A</div><div style="font-family:arial,sans-serif;font-size:13px">dQBkAHMAdABhAGcAaQBuAGcALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEP</div><div style="font-family:arial,sans-serif;font-size:13px">
ADCCAQoCggEBANhryzuSNbDOUVqD7Oby/z+JNjICGemlpP0qmcAZ8JbE7ci/l5eu</div><div style="font-family:arial,sans-serif;font-size:13px">BYwIyKy/LvjYYV6Z8ZlMKIbzmEgKxGCmSZjTcg08QXxG7CXpJfls/1ycv8Le7Tz0</div><div style="font-family:arial,sans-serif;font-size:13px">
ep2mzBnFhkOCNDQz2zAOiI/K6gwB0D2tv3O+j3ytnME8w+To5epzZSnfGHRIutQ4</div><div style="font-family:arial,sans-serif;font-size:13px">jC7rVz8T1oLixYynQ39tG6L5ALmu5u1DZTRYmzaIbF16c6dy1m8OCqAvQ3LnykZq</div><div style="font-family:arial,sans-serif;font-size:13px">
rukjjaLDlJT6ZbUUXaZeGS2avf8ZM0f+HlrdDR+IFC/CxipxzHa6kStc+1dZVgqj</div><div style="font-family:arial,sans-serif;font-size:13px">jT7ql9nEQ/8DaXmF4C749ELbtWOlSB/ElwUCAwEAAaNyMHAwEwYDVR0lBAwwCgYI</div><div style="font-family:arial,sans-serif;font-size:13px">
KwYBBQUHAwEwWQYDVR0BBFIwUIAQx8ryGLLGJ2Qr6NrWGYDWT6EqMCgxJjAkBgNV</div><div style="font-family:arial,sans-serif;font-size:13px">BAMTHUVsbGtheSBTdGFnaW5nIFJvb3QgQXV0aG9yaXR5ghAu7ZXj5fLAu0CXveR3</div><div style="font-family:arial,sans-serif;font-size:13px">
xHi0MAkGBSsOAwIdBQADggEBACiAPScOR/DViwY4ZDVSxeGFqezh6ubWt4aqrYlt</div><div style="font-family:arial,sans-serif;font-size:13px">h6ODWF1T0uUjf/VKksPtXlAxAz1F7IHmf80VAGPY18ZmH9JvnVz67PdGcKi6RMHY</div><div style="font-family:arial,sans-serif;font-size:13px">
vpBT79vbv0/+9TXxdIl2+qafuVb5ckmSlq1pIslnlZszt32pwrSYDvLihfRLStvV</div><div style="font-family:arial,sans-serif;font-size:13px">MzKtUGRsug/eUeuCQBAalAHmuNh77bC6Bnp2ZMg/7HEb0bqXQS1mOupiN3Ylpe/y</div><div style="font-family:arial,sans-serif;font-size:13px">
r3pT7+xLzyzX4NY7GyYVO2VPnz2kvNbrTsTPWO7y1NQc3tDbRIwQeCqpYditByVN</div><div style="font-family:arial,sans-serif;font-size:13px">cS/zgODqcpH1NipIfL/JTMFvA5O0jlgpSQDbRxiQELjJ9ms=</div><div style="font-family:arial,sans-serif;font-size:13px">
-----END CERTIFICATE-----</div><div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Here is the relevant part of the log from RabbitMQ:</div><div style="font-family:arial,sans-serif;font-size:13px">
<div><br></div><div>=INFO REPORT==== 28-Mar-2013::20:46:52 ===</div><div>accepting AMQP connection <0.301.0> (<a href="http://192.168.51.234:50804/" target="_blank">192.168.51.234:50804</a> -> <a href="http://192.168.51.153:5671/" target="_blank">192.168.51.153:5671</a>)</div>
<div><br></div><div>=ERROR REPORT==== 28-Mar-2013::20:46:52 ===</div><div>** State machine <0.302.0> terminating </div><div>** Last message in was {tcp,#Port<0.15153>,</div><div> <<22,3,0,0,53,1,0,0,49,3,0,81,84,228,150,220,41,</div>
<div> 203,120,104,165,175,147,215,108,167,136,54,238,</div><div> 178,50,70,122,181,212,166,114,251,121,27,202,52,</div><div> 143,0,0,10,0,5,0,10,0,19,0,4,0,255,1,0>>}</div>
<div>** When State == hello</div><div>** Data == {state,server,</div><div> {#Ref<0.0.0.1972>,<0.301.0>},</div><div> gen_tcp,tcp,tcp_closed,tcp_error,"localhost",5671,</div>
<div> #Port<0.15153>,</div><div> {ssl_options,[],verify_none,</div><div> {#Fun<ssl.1.131723950>,[]},</div><div> false,false,undefined,1,</div>
<div> <<"C:/Users/ScottB/AppData/Roaming/RabbitMQ/lkcloudstaging_cer.pem">>,</div><div> undefined,</div><div> <<"C:/Users/ScottB/AppData/Roaming/RabbitMQ/server/key.pem">>,</div>
<div> undefined,undefined,undefined,<<>>,undefined,</div><div> undefined,</div><div> [<<0,107>>,</div><div> <<0,106>>,</div>
<div> <<0,61>>,</div><div> <<0,103>>,</div><div> <<0,64>>,</div><div> <<0,60>>,</div>
<div> <<0,57>>,</div><div> <<0,56>>,</div><div> <<0,53>>,</div><div> <<0,22>>,</div>
<div> <<0,19>>,</div><div> <<0,10>>,</div><div> <<0,51>>,</div><div> <<0,50>>,</div>
<div> <<0,47>>,</div><div> <<0,5>>,</div><div> <<0,4>>,</div><div> <<0,21>>,</div>
<div> <<0,9>>],</div><div> #Fun<ssl.0.131723950>,true,268435456,false,undefined,</div><div> undefined,false,undefined,undefined},</div>
<div> {socket_options,binary,0,0,0,false},</div><div> {connection_states,</div><div> {connection_state,</div><div> {security_parameters,</div>
<div> <<0,0>>,</div><div> 0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,</div><div> undefined,undefined},</div><div> undefined,undefined,undefined,0,undefined,</div>
<div> undefined,undefined},</div><div> {connection_state,</div><div> {security_parameters,undefined,0,undefined,</div><div> undefined,undefined,undefined,undefined,</div>
<div> undefined,undefined,undefined,undefined,</div><div> undefined,undefined,undefined,</div><div> <<81,84,228,124,31,218,166,3,48,108,125,182,</div>
<div> 121,180,129,153,59,55,16,200,98,117,189,183,</div><div> 170,169,208,189,111,61,67,162>>,</div><div> undefined},</div>
<div> undefined,undefined,undefined,undefined,</div><div> undefined,undefined,undefined},</div><div> {connection_state,</div><div> {security_parameters,</div>
<div> <<0,0>>,</div><div> 0,0,0,0,0,0,0,0,0,0,0,undefined,undefined,</div><div> undefined,undefined},</div><div> undefined,undefined,undefined,0,undefined,</div>
<div> undefined,undefined},</div><div> {connection_state,</div><div> {security_parameters,undefined,0,undefined,</div><div> undefined,undefined,undefined,undefined,</div>
<div> undefined,undefined,undefined,undefined,</div><div> undefined,undefined,undefined,</div><div> <<81,84,228,124,31,218,166,3,48,108,125,182,</div>
<div> 121,180,129,153,59,55,16,200,98,117,189,183,</div><div> 170,169,208,189,111,61,67,162>>,</div><div> undefined},</div>
<div> undefined,undefined,undefined,undefined,</div><div> undefined,undefined,undefined}},</div><div> [],<<>>,<<>>,</div>
<div> {[],[]},</div><div> [],311374,</div><div> {session,undefined,undefined,</div><div> <<48,130,3,79,48,130,2,59,160,3,2,1,2,2,16,98,235,177,</div>
<div> 236,230,246,4,190,79,82,112,203,129,63,226,129,48,9,</div><div> 6,5,43,14,3,2,29,5,0,48,40,49,38,48,36,6,3,85,4,3,</div><div> 19,29,69,108,108,107,97,121,32,83,116,97,103,105,</div>
<div> 110,103,32,82,111,111,116,32,65,117,116,104,111,114,</div><div> 105,116,121,48,30,23,13,49,50,48,56,49,53,49,53,49,</div><div> 51,51,55,90,23,13,51,57,49,50,51,49,50,51,53,57,53,</div>
<div> 57,90,48,51,49,49,48,47,6,3,85,4,3,30,40,0,42,0,46,</div><div> 0,108,0,107,0,99,0,108,0,111,0,117,0,100,0,115,0,</div><div> 116,0,97,0,103,0,105,0,110,0,103,0,46,0,99,0,111,0,</div>
<div> 109,48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,</div><div> 1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,216,107,</div><div> 203,59,146,53,176,206,81,90,131,236,230,242,255,63,</div>
<div> 137,54,50,2,25,233,165,164,253,42,153,192,25,240,</div><div> 150,196,237,200,191,151,151,174,5,140,8,200,172,191,</div><div> 46,248,216,97,94,153,241,153,76,40,134,243,152,72,</div>
<div> 10,196,96,166,73,152,211,114,13,60,65,124,70,236,37,</div><div> 233,37,249,108,255,92,156,191,194,222,237,60,244,</div><div> 122,157,166,204,25,197,134,67,130,52,52,51,219,48,</div>
<div> 14,136,143,202,234,12,1,208,61,173,191,115,190,143,</div><div> 124,173,156,193,60,195,228,232,229,234,115,101,41,</div><div> 223,24,116,72,186,212,56,140,46,235,87,63,19,214,</div>
<div> 130,226,197,140,167,67,127,109,27,162,249,0,185,174,</div><div> 230,237,67,101,52,88,155,54,136,108,93,122,115,167,</div><div> 114,214,111,14,10,160,47,67,114,231,202,70,106,174,</div>
<div> 233,35,141,162,195,148,148,250,101,181,20,93,166,94,</div><div> 25,45,154,189,255,25,51,71,254,30,90,221,13,31,136,</div><div> 20,47,194,198,42,113,204,118,186,145,43,92,251,87,</div>
<div> 89,86,10,163,141,62,234,151,217,196,67,255,3,105,</div><div> 121,133,224,46,248,244,66,219,181,99,165,72,31,196,</div><div> 151,5,2,3,1,0,1,163,114,48,112,48,19,6,3,85,29,37,4,</div>
<div> 12,48,10,6,8,43,6,1,5,5,7,3,1,48,89,6,3,85,29,1,4,</div><div> 82,48,80,128,16,199,202,242,24,178,198,39,100,43,</div><div> 232,218,214,25,128,214,79,161,42,48,40,49,38,48,36,</div>
<div> 6,3,85,4,3,19,29,69,108,108,107,97,121,32,83,116,97,</div><div> 103,105,110,103,32,82,111,111,116,32,65,117,116,104,</div><div> 111,114,105,116,121,130,16,46,237,149,227,229,242,</div>
<div> 192,187,64,151,189,228,119,196,120,180,48,9,6,5,43,</div><div> 14,3,2,29,5,0,3,130,1,1,0,40,128,61,39,14,71,240,</div><div> 213,139,6,56,100,53,82,197,225,133,169,236,225,234,</div>
<div> 230,214,183,134,170,173,137,109,135,163,131,88,93,</div><div> 83,210,229,35,127,245,74,146,195,237,94,80,49,3,61,</div><div> 69,236,129,230,127,205,21,0,99,216,215,198,102,31,</div>
<div> 210,111,157,92,250,236,247,70,112,168,186,68,193,</div><div> 216,190,144,83,239,219,219,191,79,254,245,53,241,</div><div> 116,137,118,250,166,159,185,86,249,114,73,146,150,</div>
<div> 173,105,34,201,103,149,155,51,183,125,169,194,180,</div><div> 152,14,242,226,133,244,75,74,219,213,51,50,173,80,</div><div> 100,108,186,15,222,81,235,130,64,16,26,148,1,230,</div>
<div> 184,216,123,237,176,186,6,122,118,100,200,63,236,</div><div> 113,27,209,186,151,65,45,102,58,234,98,55,118,37,</div><div> 165,239,242,175,122,83,239,236,75,207,44,215,224,</div>
<div> 214,59,27,38,21,59,101,79,159,61,164,188,214,235,78,</div><div> 196,207,88,238,242,212,212,28,222,208,219,68,140,16,</div><div> 120,42,169,97,216,173,7,37,77,113,47,243,128,224,</div>
<div> 234,114,145,245,54,42,72,124,191,201,76,193,111,3,</div><div> 147,180,142,88,41,73,0,219,71,24,144,16,184,201,246,</div><div> 107>>,</div>
<div> undefined,undefined,undefined,new,63531722812},</div><div> 323665,ssl_session_cache,undefined,undefined,false,</div><div> undefined,undefined,undefined,</div>
<div> {'RSAPrivateKey','two-prime',</div><div> 25091000490399564416382733665912293706281236323287507449391018333858706088067104372951637210440828548699801793107621328582247328739957168356535343760898421117596223923057958675108280840952652110424468556362893842108742460936250265912296002218912760264533284800177616747391132407486580757942725318853670784742540298023139943942002078742079335138046822007139070167779479715409389988021492873379536675527198388004784204705449619014967663111341423672277165259908002197645143645833929707716094821495848245665580802072300300901995696081299311434728567907957618159230597695337971845318310069905698028328520007565703331606819,</div>
<div> 65537,</div><div> 12532291835951284642352753464759952731760837234028003552929880741268762456120795803045590924921343389430997938501684187097537025786559622030041471881063352256944852432936802405831735737793065202597533511207149656340503466992496089298764016305810310122514496309703131156584850210212028846765905833153120519214366483351036620512028360903366902227866159233021509892771286294064778569099266243884082209785268720465970929381008430443130075496396131177443808450873061131440124680376808011317874020764946935204300278562787258089499308485762628408971801392792765876969493808892573747399158232707154902628249712310347508330481,</div>
<div> 164613524625768478096728511491146234379950805547018160443402940694931123301226530314268605486708880647658162742710176890755691202467149416112553065729831746391569481381229328262217225008710581122456985360175690217141752754366597025760074826970126144030433840076718674219450293036228318089528491377991378917023,</div>
<div> 152423687831490839453627602007609954938806264385151113997291723876694061058672531571680491904693205860873313947735180318401018227463103944680073963443527347105243646402511993135691316201430837009543216841366727950952917475175355759283610454988240555587842851002909990207473661609226206434152468235025307200253,</div>
<div> 103984547751379971996375538203182369609466154978729646218112491292391375460388439026510307132524542623745369476562226118076733144497574174552444945117251391868174999766567175194585209852993108440859312097378784492720927449807326399887717438420071901928924585277569562140638458907286206884483421800776127924467,</div>
<div> 39507777060187907438527428403852332339678380351718296130002815409515266417499584872791499702229633458331247753638059539934359165508273901891762155988452310073344428665326017782260225343145179490686339388197454990354108505894437772295812911773276810317388444847741459078907412450309375905167279214922484907925,</div>
<div> 140777917719684893441642072243040594921813463059778562021367548768326948139714681618402000290527139618053328133891840461484222782830228667641262369743730585486629970714763524415800836168519782394433537656246543908266747427470739521793087643652694808980372432733634387874662999415574210646072641560865328049441,</div>
<div> asn1_NOVALUE},</div><div> {'DHParameter',</div><div> 179769313486231590770839156793787453197860296048756011706444423684197180216158519368947833795864925541502180565485980503646440548199239100050792877003355816639229553136239076508735759914822574862575007425302077447712589550957937778424442426617334727629299387668709205606050270810842907692932019128194467627007,</div>
<div> 2,asn1_NOVALUE},</div><div> undefined,undefined,315471,#Ref<0.0.0.1974>,undefined,</div><div> <<>>,true,</div><div> {false,first},</div>
<div> {<0.301.0>,#Ref<0.0.0.1971>},</div><div> #Ref<0.0.0.1980>,</div><div> {[],[]},</div><div> false,true,false,undefined}</div>
<div>** Reason for termination = </div><div>** {{badmatch,</div><div> {error,</div><div> {asn1,</div><div> {'Type not compatible with table constraint',</div><div> {{component,'Type'},</div>
<div> {value,{5,<<>>}},</div><div> {unique_name_and_value,id,{1,3,14,3,2,29}}}}}}},</div><div> [{public_key,pkix_decode_cert,2,[{file,"public_key.erl"},{line,218}]},</div>
<div> {ssl_cipher,filter,2,[{file,"ssl_cipher.erl"},{line,484}]},</div><div> {ssl_handshake,select_session,8,[{file,"ssl_handshake.erl"},{line,654}]},</div><div> {ssl_handshake,hello,4,[{file,"ssl_handshake.erl"},{line,178}]},</div>
<div> {ssl_connection,hello,2,[{file,"ssl_connection.erl"},{line,413}]},</div><div> {ssl_connection,next_state,4,[{file,"ssl_connection.erl"},{line,2001}]},</div><div> {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,494}]},</div>
<div> {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]}</div><div><br></div><div>=ERROR REPORT==== 28-Mar-2013::20:46:52 ===</div><div>error on AMQP connection <0.301.0>: {ssl_upgrade_failure,</div>
<div> {{{badmatch,</div><div> {error,</div><div> {asn1,</div><div> {'Type not compatible with table constraint',</div>
<div> {{component,'Type'},</div><div> {value,{5,<<>>}},</div><div> {unique_name_and_value,id,</div>
<div> {1,3,14,3,2,29}}}}}}},</div><div> [{public_key,pkix_decode_cert,2,</div><div> [{file,"public_key.erl"},{line,218}]},</div>
<div> {ssl_cipher,filter,2,</div><div> [{file,"ssl_cipher.erl"},{line,484}]},</div><div> {ssl_handshake,select_session,8,</div>
<div> [{file,"ssl_handshake.erl"},</div><div> {line,654}]},</div><div> {ssl_handshake,hello,4,</div>
<div> [{file,"ssl_handshake.erl"},</div><div> {line,178}]},</div><div> {ssl_connection,hello,2,</div>
<div> [{file,"ssl_connection.erl"},</div><div> {line,413}]},</div><div> {ssl_connection,next_state,4,</div>
<div> [{file,"ssl_connection.erl"},</div><div> {line,2001}]},</div><div> {gen_fsm,handle_msg,7,</div>
<div> [{file,"gen_fsm.erl"},{line,494}]},</div><div> {proc_lib,init_p_do_apply,3,</div><div> [{file,"proc_lib.erl"},{line,239}]}]},</div>
<div> {gen_fsm,sync_send_all_state_event,</div><div> [<0.302.0>,{start,5000},infinity]}}}</div><div><br></div></div><div style="font-family:arial,sans-serif;font-size:13px">
Note that this certificate/key pair was created for testing purposes only, but I am concerned that our production certificate/key pair will fail in similar fashion.</div><div style="font-family:arial,sans-serif;font-size:13px">
<br></div><div style="font-family:arial,sans-serif;font-size:13px">Thanks,</div><div style="font-family:arial,sans-serif;font-size:13px">Scott</div></div>