RabbitMQ SSL Auth Error

Hi guys,
I'm facing issues while trying to connect to rabbit with SSL
certificates; without SSL it works fine. This is what I did:

Followed this to generate the certs: https://www.rabbitmq.com/ssl.html

Config:

"rabbitmq": {
    "host": "hostname",
    "port": 5671,
    "vhost": "/sensu",
    "user": "sensu",
    "password": "agoodpassword",
    "ssl": {
      "cert_chain_file": "/etc/sensu/ssl/cert.pem",
      "private_key_file": "/etc/sensu/ssl/key.pem"
    }
}

RMQ
{ssl_options, [{cacertfile,           "/etc/rabbitmq/ssl/cacert.pem"},
               {certfile,             "/etc/rabbitmq/ssl/cert.pem"},
               {keyfile,              "/etc/rabbitmq/ssl/key.pem"},
               {verify,               verify_peer},
               {fail_if_no_peer_cert, false}]}

level":"warn","message":"transport connection error","reason":"possible authentication failure. wrong credentials?","user":"sensu"}

Am I facing this bug? https://github.com/sensu/sensu/issues/1550

Sensu version
sensu-0.28.5-2.el7.x86_64

Thanks in advance
Regards

I'm also getting this on rabbitmq error log:

=ERROR REPORT==== 5-Apr-2017::13:48:19 ===
error on AMQP connection <0.1145.0>:
{ssl_upgrade_failure,
    {{function_clause,
         [{tls_v1,enum_to_oid,[28],[{file,"tls_v1.erl"},{line,404}]},

** When State == hello
** Data == {state,server,
                     {#Ref<0.0.0.29667>,<0.1205.0>},
                     gen_tcp,tls_connection,tcp,tcp_closed,tcp_error,
                     "localhost",5671,#Port<0.9074>,
                     {ssl_options,undefined,
                         [{3,3},{3,2},{3,1}],
                         verify_peer,
                         {#Fun<ssl.3.94144976>,
                          #Fun<rabbit_networking.1.106337268>},
                         false,false,undefined,1,
                         <<"/etc/rabbitmq/ssl/cert.pem">>,undefined,
                         <<"/etc/rabbitmq/ssl/key.pem">>,undefined,undefined,
                         undefined,<<"/etc/rabbitmq/ssl/cacert.pem">>,
                         undefined,undefined,undefined,undefined,undefined,
                         [<<0,107>>,

---------- Forwarded message ----------
From: Net Warrior <netwarrior863@gmail.com>
Date: 2017-04-05 15:46 GMT-03:00
Subject: RabbitMQ SSL Auth Error
To: sensu-users <sensu-users@googlegroups.com>

Hi guys,
I'm facing issues while trying to connect to rabbit with SSL
certificates; without SSL it works fine. This is what I did:

The certificates seem to be working:
/etc/sensu/ssl

openssl s_client -connect localhost:5671 -cert cert.pem -key key.pem -CAfile cacert.pem

subject=/CN=servername.domain.com/O=server
issuer=/CN=Sensu

---
Acceptable client certificate CA names
/CN=Sensu
---
SSL handshake has read 2740 bytes and written 3891 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES256-SHA256
    Session-ID: 609AD372595DFD091475CE49B945ADE65F451AF5249FB05633247AEA347CB125
    Session-ID-ctx:
    Master-Key: 8B8D2D00649DA6A8E1A9D81CCF6C1FA32AA435AEE552C425CD6F1E5A3F3145C525E6791586762E9605C7AD65A2D4B46C
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1491419784
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

Can you paste Sensu’s rabbitmq configuration?

What version of Erlang is in use here? This rabbitmq-discuss thread suggests that this error is indicative of a bug in R16: [rabbitmq-discuss] ssl_handshake error

On Wednesday, April 5, 2017 at 12:50:59 PM UTC-6, Kernel Panic wrote:

I’m also getting this on rabbitmq error log:

Hi
I'm using Erlang R16B-03.18.el7, is that the one suffering the bug?

Thanks
Regards

On 04/06/2017 12:56 PM, Cameron Johnston wrote:

What version of Erlang is in use here? This rabbitmq-discuss thread suggests that this error is indicative of a bug in R16: [rabbitmq-discuss] ssl_handshake error

Sure

"rabbitmq": {
    "host": "servername",
    "port": 5671,
    "vhost": "/sensu",
    "user": "sensu",
    "password": "ac9a27a0d1bfc0ee9b722e58bd84fb",
    "ssl": {
      "cert_chain_file": "/etc/sensu/ssl/cert.pem",
      "private_key_file": "/etc/sensu/ssl/key.pem"
    }
}

Thanks
Regards

On 04/06/2017 11:45 AM, Kyle Anderson wrote:

Can you paste Sensu's rabbitmq configuration?

On Wed, Apr 5, 2017 at 12:19 PM, Net Warrior <netwarrior863@gmail.com> wrote:

    The certificates seem to be working:

Yes, I believe R16B03 is affected by the bug in question, which is believed to be fixed in Erlang R17.
Per https://www.rabbitmq.com/which-erlang.html, Erlang R17 or later is required for reliable use of SSL/TLS.

Regards,

Cameron
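
The diagnosis in this reply can be checked mechanically. The following is an added example, not part of the original thread: a shell helper that extracts the major OTP release from version strings like the one reported above and counts `ssl_upgrade_failure` reports whose trace names `tls_v1,enum_to_oid`. The function names and the sample log are constructed for illustration; the R17 minimum is the one cited in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the major OTP release found in strings such as "R16B03",
# "R16B-03.18.el7", "erlang-R16B-03.18.el7.x86_64", "17" or "19.3".
otp_major() {
    printf '%s\n' "$1" | sed -n -E 's/^(erlang-)?R?([0-9]+).*/\2/p'
}

# Succeed only for R17 or later, the minimum the reply above cites for
# reliable SSL/TLS. Unparseable input fails closed.
tls_capable_otp() {
    _major=$(otp_major "$1")
    [ -n "$_major" ] && [ "$_major" -ge 17 ]
}

# Count ssl_upgrade_failure reports that name tls_v1,enum_to_oid on the same
# line or within the next three lines (the signature in the RabbitMQ error
# log quoted in this thread). Reads the files given as arguments, or stdin.
count_enum_to_oid_crashes() {
    awk '
        /ssl_upgrade_failure/ { pending = 4 }
        pending > 0 {
            if ($0 ~ /tls_v1,enum_to_oid/) { hits++; pending = 0 } else pending--
        }
        END { print hits + 0 }
    ' "$@"
}

# Constructed sample: the first report mirrors the excerpt in the thread,
# the second is an unrelated failure that must not be counted.
sample_log() {
    cat <<'EOF'
=ERROR REPORT==== 5-Apr-2017::13:48:19 ===
error on AMQP connection <0.1145.0>:
{ssl_upgrade_failure,
    {{function_clause,
         [{tls_v1,enum_to_oid,[28],[{file,"tls_v1.erl"},{line,404}]},
=ERROR REPORT==== 5-Apr-2017::13:49:02 ===
error on AMQP connection <0.1300.0>:
{ssl_upgrade_failure,timeout}
EOF
}

crashes=$(sample_log | count_enum_to_oid_crashes)
echo "enum_to_oid handshake crashes in sample: $crashes"
for rel in 'R16B-03.18.el7' '19.3'; do
    if tls_capable_otp "$rel"; then
        echo "$rel: R17 or later"
    else
        echo "$rel: older than R17, upgrade Erlang before relying on TLS"
    fi
done
```

On an RPM-based host such as the one in the thread, the string passed to `tls_capable_otp` can come from `rpm -q erlang`.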

On Sat, Apr 8, 2017 at 7:43 PM Net Warrior netwarrior863@gmail.com wrote:

    Hi
    I'm using Erlang R16B-03.18.el7, is that the one suffering the bug?

    Thanks
    Regards

    On 04/06/2017 12:56 PM, Cameron Johnston wrote:

        What version of Erlang is in use here? This rabbitmq-discuss thread
        suggests that this error is indicative of a bug in R16:
        http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2014-April/035637.html
