SSL configuration issue with RabbitMQ Web-Stomp Plugin

Question

Firstly, I followed this to generate keys, certificates and CA certificates to directories which are client, server and testca. Then I verified, SSL works. Then I followed this to configure RabbitMQ Web-Stomp Plugin, and my ssl_config is as following:

[
  {rabbitmq_web_stomp,
      [{ssl_config, [{port,       15671},
                     {backlog,    1024},
                     {certfile,   "path/to/certs/client/cert.pem"},
                     {keyfile,    "path/to/certs/client/key.pem"},
                     {cacertfile, "path/to/certs/testca/cacert.pem"},
                     {password,   "changeme"}]}]}
].

However, when I tried to connect it via websockets by following code, which is copied from here, and I made some modifications.

<!DOCTYPE html>
<html><head>
  <script src="jquery.min.js"></script>

  <script src="stomp.js"></script>
  <style>
      .box {
          width: 440px;
          float: left;
          margin: 0 20px 0 20px;
      }
      .box div, .box input {
          border: 1px solid;
          -moz-border-radius: 4px;
          border-radius: 4px;
          width: 100%;
          padding: 5px;
          margin: 3px 0 10px 0;
      }
      .box div {
          border-color: grey;
          height: 300px;
          overflow: auto;
      }
      div code {
          display: block;
      }
      #first div code {
          -moz-border-radius: 2px;
          border-radius: 2px;
          border: 1px solid #eee;
          margin-bottom: 5px;
      }
      #second div {
          font-size: 0.8em;
      }
  </style>
  <title>RabbitMQ Web STOMP Examples : Echo Server</title>
  <link href="main.css" rel="stylesheet" type="text/css"/>
</head><body lang="en">
    <h1><a href="index.html">RabbitMQ Web STOMP Examples</a> > Echo Server</h1>

    <div id="first" class="box">
      <h2>Received</h2>
      <div></div>
      <form><input autocomplete="off" value="Type here..."></input></form>
    </div>

    <div id="second" class="box">
      <h2>Logs</h2>
      <div></div>
    </div>

    <script>
        var has_had_focus = false;
        var pipe = function(el_name, send) {
            var div  = $(el_name + ' div');
            var inp  = $(el_name + ' input');
            var form = $(el_name + ' form');
            var print = function(m, p) {
                p = (p === undefined) ? '' : JSON.stringify(p);
                div.append($("<code>").text(m + ' ' + p));
                div.scrollTop(div.scrollTop() + 10000);
            };
            if (send) {
                form.submit(function() {
                    send(inp.val());
                    inp.val('');
                    return false;
                });
            }
            return print;
        };
      // Stomp.js boilerplate

          var client = Stomp.client('wss://192.168.111.131:15671/ws');

      client.debug = pipe('#second');
      var print_first = pipe('#first', function(data) {

            client.send('/queue/webstomp', {"content-type":"text/plain"}, data);


      });
      var on_connect = function(x) {
          id = client.subscribe("/queue/webstomp", function(d) {
               print_first(d.body);
          });
      };
      var on_error =  function() {
        console.log('error');
      };
      client.connect('test', 'test', on_connect, on_error, '/');
      $('#first input').focus(function() {
          if (!has_had_focus) {
              has_had_focus = true;
              $(this).val("");
          }
      });
    </script>
</body></html>

it replied me that I lost connection as following screenshot.

I'd be really appreciate any helpful suggestion on this issue.

BTW: this code example works when I didn't use SSL.

Answer 1

Update RabbitMQ version 4.0 and Erlang OTP 27.

1. You can't install self certificate (I build RabbitMQ Server in VM)
2. If your certificate created by manually, you must install certificate in your client

Before use wss://192.168.111.131:15671/ws, You can testing websocket https://192.168.111.131:15671/ws

Answer 2

Finally I figured this out by referring this post, so the key point is to explicitly authorized my certificate by visiting the address in https first, in my case is wss://192.168.111.131:15671/ws. So I need to visit https://192.168.111.131:15671/ws in browser and authorize the exception and then I can make my wss connection normally.