I have a RabbitMQ integration built in a .NET Standard library, which is being used by a few .NET Framework 4.7.2 apps. It's configured to connect to the RabbitMQ broker securely over port 5671 with a self-signed cert that has been installed in the Trusted Root Certificate Authorities of my local machine and our app development/testing server.
Both the development server and the RabbitMQ broker are running on AWS EC2 instances within our "local" network.
When I run these apps in debug on my local machine (connected to the "local" network through a VPN), the secure connection to the RabbitMQ broker is initialized correctly, and everything works as expected.
When I try to run the apps on the development server, however, the connection fails with the following exception:
AuthenticationException: The remote certificate is invalid according to the validation procedure.
System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) 8343681
System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result) 76
System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization) 83
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 60
RabbitMQ.Client.Impl.<>c__DisplayClass2_0.<TcpUpgrade>b__0(SslOption opts) 82
RabbitMQ.Client.Impl.SslHelper.TcpUpgrade(Stream tcpStream, SslOption options) 512
RabbitMQ.Client.Impl.SocketFrameHandler..ctor(AmqpTcpEndpoint endpoint, Func`2 socketFactory, TimeSpan connectionTimeout, TimeSpan readTimeout, TimeSpan writeTimeout) 830
RabbitMQ.Client.ConnectionFactory.CreateFrameHandler(AmqpTcpEndpoint endpoint) 122
RabbitMQ.Client.EndpointResolverExtensions.SelectOne(IEndpointResolver resolver, Func`2 selector) 191
What's even more weird is that, when I navigate to the secure RabbitMQ Management UI (port 15671) through a browser on the development server, the browser correctly recognizes the certificate as valid.
Thinking this may be a firewall/port issue, I made sure that the development server firewall was set to allow outbound TCP traffic to port 5671, but this also hasn't fixed the issue.
What am I missing? Is there some extra IIS configuration needed for this that I don't know about?
Thanks!
CodePudding user response:
The answer turned out to be rather simple. I had mistakenly installed the cert in the development server's admin user Trusted Root Authorities, rather than the machine's Trusted Root Authorities. Since the application was set up to run with a different user, that user didn't have access to the installed cert. Once I had installed it in the machine's Trusted Root Authorities, the connection worked as expected.
Props to Luke Bakken from the RabbitMQ team for the answer: https://groups.google.com/g/rabbitmq-users/c/tJHnDEnCZxM