Ploxer2

Reputation: 13

How to make a TLS connection to RabbitMQ from a Python application

I use RabbitMQ with the MQTT plugin. My docker-compose is as below:

    loopback_users.guest = false
    listeners.tcp = none
    listeners.ssl.default = 5671
    password_hashing_module = rabbit_password_hashing_sha512

    # General
    ssl_options.cacertfile = /etc/rabbitmq/cert/ca_certificate.pem
    ssl_options.certfile   = /etc/rabbitmq/cert/server_certificate.pem
    ssl_options.keyfile    = /etc/rabbitmq/cert/server_key.pem
    ssl_options.verify     = verify_peer
    ssl_options.fail_if_no_peer_cert  = true

    # Web
    management.ssl.port = 15672
    management.ssl.cacertfile = /etc/rabbitmq/cert/ca_certificate.pem
    management.ssl.certfile   = /etc/rabbitmq/cert/server_certificate.pem
    management.ssl.keyfile    = /etc/rabbitmq/cert/server_key.pem
    management.load_definitions = /etc/rabbitmq/definitions.json

    # Mqtt plugin
    mqtt.allow_anonymous = false
    mqtt.listeners.ssl.default = 8883
    mqtt.listeners.tcp.default = 1883

My certs are correct. Web works fine with security. So I want to connect to Rabbit from my Python application by TLS.

    import ssl
    import paho.mqtt.client as paho

    # Callbacks (on_connect, ...) and credentials (MQTT_USER, ...) are defined elsewhere
    PATH_CERT = '/<path>/server_certificate.pem'
    client = paho.Client()
    client.on_connect = on_connect
    client.on_publish = on_publish
    client.on_message = on_message
    client.username_pw_set(MQTT_USER, MQTT_PASSWORD)
    client.tls_set(ca_certs=PATH_CERT, tls_version=ssl.PROTOCOL_TLSv1_2)
    client.tls_insecure_set(False)
    client.connect('my.domain.pl', 8883, 60)
    client.loop_forever()

But I got an error:

    File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)

Password, user and domain are correct. How could I solve the problem with the certificate? Does it pass the correct certificate in Python?

Upvotes: 1

Views: 290

Answers (1)

Luke Bakken

Reputation: 9627

These two options configure Erlang/RabbitMQ TLS to request a client certificate from your Python/Paho application, but you are not providing client certificates in your client application:

    ssl_options.verify     = verify_peer
    ssl_options.fail_if_no_peer_cert  = true

Upvotes: 0
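
An added example (not part of the answer, and not RabbitMQ's or Paho's own code): a check over the question's `rabbitmq.conf` settings that reports whether the broker demands a client certificate and builds matching keyword arguments for Paho's `tls_set()`. The helper names and client file paths are hypothetical, and it assumes `ca_certificate.pem` is the CA that issued the broker's certificate.

```python
import ssl

# Subset of the question's broker settings, embedded so the check runs offline.
RABBITMQ_CONF = """
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/cert/ca_certificate.pem
ssl_options.verify     = verify_peer
ssl_options.fail_if_no_peer_cert  = true
mqtt.listeners.ssl.default = 8883
"""

def parse_conf(text):
    """Parse rabbitmq.conf 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def broker_requires_client_cert(conf):
    """True when the TLS listener rejects clients that present no certificate."""
    return (conf.get("ssl_options.verify") == "verify_peer"
            and conf.get("ssl_options.fail_if_no_peer_cert") == "true")

def paho_tls_args(conf, ca_file, client_cert=None, client_key=None):
    """Build keyword arguments for paho's Client.tls_set() that satisfy the broker."""
    if broker_requires_client_cert(conf) and not (client_cert and client_key):
        raise ValueError("broker demands a client certificate: "
                         "pass client_cert and client_key")
    return {
        "ca_certs": ca_file,             # assumed: CA that issued the broker's cert
        "certfile": client_cert,         # presented to the broker in the handshake
        "keyfile": client_key,
        "cert_reqs": ssl.CERT_REQUIRED,  # the client still verifies the broker
    }

if __name__ == "__main__":
    # Hypothetical client-side paths; replace with your own files.
    args = paho_tls_args(parse_conf(RABBITMQ_CONF), "/path/ca_certificate.pem",
                         "/path/client_certificate.pem", "/path/client_key.pem")
    print(args)  # then call client.tls_set(**args) before client.connect(...)
```
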
