Panic when providing a TLS certificate and a key to a listener. #51
If I disable the TLS listener and certificates and let it pass over to wss without panicking, I get the same thing for the wss.
From the error message, it appears that it is a configuration problem with ‘listener.tls.external.key’. Can you post your complete configuration so I can take a look?
This is the config as it was when those errors occurred. When I commented out/disabled the listener.tls.external blocks, the same error came up when starting up the listener.wss.external, so to continue my work I had to disable listener.wss.external as well. I have verified that the certificates and keys are in the correct position and can be read by the runtime user running the application.
It should be that the '/etc/rmqtt/certificates/RMQTT.key' file format is wrong. I configured the key as 'rmqtt-bin/rmqtt.key' in the project, which is correct. If you must enable the TLS function, it is recommended to use the 'key' and 'cert' in the project to debug the connection correctly, and then replace them with the 'key' and 'cert' generated by yourself. If TLS functionality is not needed, disable it.
You can try using 'https://github.com/rmqtt/rmqtt/blob/master/rmqtt-bin/gen_x509.sh' to generate your own 'key' and 'cert'.
Wait, what! Changing out the certs worked, but why? The certificates and keys are generated and validated using openssl, so what could be the difference between them? I'll have a look at that. These certificates work with other types of TLS servers. I will investigate and give feedback. The only difference I can see is that my keys are 4096 bits in size and yours are 2048 bits.
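One way to look for a file-format difference between the failing key and the project's working key (an added example, not code from this thread or from the rmqtt project): report each key file's PEM label and whether it is passphrase-protected, then compare the two summaries. It makes no assumption about which formats rmqtt accepts; `describe_pem`, `key_summary` and `sample_pem` are hypothetical names, and the sample blocks hold constructed placeholder bytes.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# PEM labels (RFC 7468 and OpenSSL's traditional formats) for private keys.
KEY_LABELS = {
    "RSA PRIVATE KEY": "PKCS#1 (traditional RSA)",
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8",
    "EC PRIVATE KEY": "SEC1 (elliptic curve)",
}

def describe_pem(text):
    """Return one dict per PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Traditional encrypted keys put RFC 1421 headers before the base64.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        b64 = "".join(ln for ln in lines if ":" not in ln)
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error:
            der = None  # truncated or corrupted base64
        blocks.append({
            "label": label,
            "format": KEY_LABELS.get(label, "not a private key"),
            "encrypted": encrypted,
            "der_len": None if der is None else len(der),
        })
    return blocks

def key_summary(text):
    """One-line description of the first private key block, for comparison."""
    for b in describe_pem(text):
        if b["label"] in KEY_LABELS:
            state = "encrypted" if b["encrypted"] else "unencrypted"
            return f'{b["label"]}: {b["format"]}, {state}'
    return "no PEM private key block (DER file, certificate, or wrong path?)"

# Constructed samples: placeholder bytes, not real key material.
def sample_pem(label, headers=""):
    body = base64.encodebytes(b"\x30\x82" + bytes(60)).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"
```

Run `key_summary(open(path).read())` on both '/etc/rmqtt/certificates/RMQTT.key' and 'rmqtt-bin/rmqtt.key'; differing summaries point to an encoding difference between the two files.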
I changed "SERVER_RSA_KEY_BIT="rsa:2048"" and "CLIENT_RSA_KEY_BIT="rsa:2048"" in "gen_x509.sh" to 4096 and regenerated the key and cert for testing, which was also successful.
Note: Currently only TLSv1.2 is supported
Another question about the TLS certificates: where would I provide the server with the CA that signed the client certificates, to validate and allow connection to the server using certificates?
When I try to run the server with TLS certificates I get an error saying
seems to happen here
Is anyone else having a similar issue?
The certificate has been validated and checked with openssl and the key has also been checked; it is a 4096-bit RSA key.