RabbitMQ: Fatal - Handshake Failure and hostname_check_failed

Article ID: 379529


Updated On:

Products

VMware Tanzu RabbitMQ

Issue/Introduction

In some scenarios, you will see a TLS handshake error message such as the following when you set up federation, shovel, etc. with TLS:


TLS server: In state wait_cert received CLIENT ALERT: Fatal - Handshake Failure

 

 

You will see a similar error message in the federation status in the RabbitMQ UI.

 

{tls_alert,{handshake_failure,"TLS client: In state wait_cert at ssl_handshake.erl:2143 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,hostname_check_failed}"}}

 

 

Cause

This is caused by a mismatch between the hostname in the amqps URI and the hostname in the certificate.

 

Resolution

There are two workarounds for this issue:

1. Disable SSL/TLS: use the amqp protocol instead of the amqps protocol.

2. Disable peer verification with the verify=verify_none option in the URI, as in the example below. With this option the client does not verify the server's certificate, so the hostname check is skipped.

To address this problem permanently, make sure the hostname in your certificate is identical to the hostname in the amqps URI.

 


rabbitmqctl set_parameter federation-upstream my-fed '{"uri":"amqps://username:[email protected]:5671?cacertfile=/root/ca.crt&certfile=/root/server.crt&keyfile=/root/server.key&verify=verify_none"}'
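
To check the permanent fix before setting a parameter, the following added example (not part of the original article and not RabbitMQ code) audits a federation or shovel URI against the subjectAltName entries of the upstream's certificate. The function names, hosts, credentials and SAN values are constructed for illustration, and matching is assumed to be exact and case-insensitive, with no wildcard handling.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit


def host_matches(host, san_dns, san_ip=()):
    """True if host equals one SAN entry (exact match; wildcards not handled)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: compare against dNSName entries, case-insensitively.
        name = host.rstrip(".").lower()
        return any(name == d.rstrip(".").lower() for d in san_dns)
    # IP literal: only iPAddress SAN entries can satisfy the check.
    return any(addr == ipaddress.ip_address(ip) for ip in san_ip)


def audit_upstream_uri(uri, san_dns, san_ip=()):
    """Return finding codes for one federation/shovel URI.

    san_dns / san_ip: subjectAltName entries of the certificate the upstream
    presents, e.g. as printed by `openssl x509 -noout -ext subjectAltName`.
    """
    parts = urlsplit(uri)
    if parts.scheme != "amqps":
        return ["plaintext"]              # workaround 1: no TLS at all
    findings = []
    if "verify_none" in parse_qs(parts.query).get("verify", []):
        findings.append("verify_none")    # workaround 2: peer not authenticated
    if not host_matches(parts.hostname or "", san_dns, san_ip):
        # The mismatch behind hostname_check_failed when verification is on.
        findings.append("hostname_mismatch")
    return findings


# Constructed sample data (hypothetical hosts, credentials and SAN list).
SAN_DNS = ["rabbit-b.example.internal"]
SAMPLES = [
    "amqps://user:pw@rabbit-b.example.internal:5671?cacertfile=/root/ca.crt&verify=verify_peer",
    "amqps://user:pw@10.0.0.12:5671?cacertfile=/root/ca.crt&verify=verify_peer",
    "amqps://user:pw@10.0.0.12:5671?cacertfile=/root/ca.crt&verify=verify_none",
    "amqp://user:pw@rabbit-b.example.internal:5672",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        host = urlsplit(uri).hostname     # print the host only, never credentials
        print(host, audit_upstream_uri(uri, SAN_DNS) or "ok")
```

The second sample shows a common source of the mismatch: the URI addresses the upstream by IP while the certificate lists only a DNS name.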