5.3 Creating Certificates for RabbitMQ

Certificates are needed to enable TLS for secure messaging between RabbitMQ, ManagerFC, AgentFC, and the Web Application.

  1. (Conditional) If you have not already done so, install the 64-bit .NET 6.0 Desktop Runtime.

    A copy of the Desktop Runtime installer is located in the RabbitMQ folder of the ISO image or may be downloaded from https://dotnet.microsoft.com/en-us/download/dotnet/6.0.

  2. In the RabbitMQ folder of the ISO image, double-click CertificateGenerator.exe.

  3. In the Subject Name field, enter the DNS name of the RabbitMQ service host or endpoint.

  4. (Optional) Modify the settings in the other fields.

  5. Click Generate.

  6. In the Certificate section, enter the desired name of the certificate file to export in the File Name field.

  7. (Optional) In the Private Key section, select Save private key in separate file, then enter a value for File Name for the private key file to export.

  8. In the Save to File section, browse to or enter a path for Target Folder where the certificate and key file(s) will be exported.

    IMPORTANT: The path should not contain spaces. As a general recommendation, export the certificate files to the root of the extracted RabbitMQ folder.

  9. Click Save Files to export the files.

  10. Click Finish.

  11. From the location where the files were generated, copy them to a folder on the RabbitMQ system.

    For example, copy them to the RabbitMQ folder that was created when you extracted the RabbitMQ-3.9.xx.zip file.

  12. Edit the rabbitmq.conf file located in the rabbitmq\base folder where RabbitMQ was extracted (if using the provided archive).

  13. Modify the entries for ssl_options.*

    Note that paths are absolute and use forward slashes.

    Uncomment the following lines:

    • ssl_options.cacertfile
    • ssl_options.certfile
    • ssl_options.keyfile
    • num_acceptors.ssl
    • listeners.ssl.default

  14. Modify the entries for the management.* interface.

    Note that paths are absolute and use forward slashes.

    Comment the following lines:

    • management.tcp.port
    • management.tcp.ip

    Uncomment the following lines:

    • management.ssl.port
    • management.ssl.cacertfile
    • management.ssl.certfile
    • management.ssl.keyfile
    • management.ssl.versions.1
    • management.ssl.versions.2

  15. Specify the certificate and private key.

    1. In the TLS Options section, modify the paths for ssl_options.cacertfile and ssl_options.certfile with the path to the certificate you created earlier in Steps 2-10.

    2. While still in the TLS Options section, modify the path for ssl_options.keyfile with the path of the private key.

    3. In the Management Interface / REST API section, modify the paths for management.ssl.cacertfile and management.ssl.certfile with the path to the certificate.

      Note that paths are absolute and use forward slashes.

    4. While still in the Management Interface / REST API section, modify the path for management.ssl.keyfile with the path of the private key.

  16. Save the modifications you have made to the configuration file, then close the editor.
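
The following check is an added example, not part of the vendor procedure or tooling: it verifies that the rabbitmq.conf edits in Steps 13-15 are complete (required keys uncommented, management.tcp.* commented out, absolute forward-slash paths). The function names and the sample configuration, including its paths and port values, are constructed for illustration.

```python
# Keys the steps above say must be active (uncommented) in rabbitmq.conf.
REQUIRED = [
    "listeners.ssl.default", "num_acceptors.ssl",
    "ssl_options.cacertfile", "ssl_options.certfile", "ssl_options.keyfile",
    "management.ssl.port", "management.ssl.cacertfile",
    "management.ssl.certfile", "management.ssl.keyfile",
    "management.ssl.versions.1", "management.ssl.versions.2",
]
# Plain-text management listener keys that must be commented out.
FORBIDDEN = ["management.tcp.port", "management.tcp.ip"]

def active_settings(conf_text):
    """Return {key: value} for lines that are not commented out with '#'."""
    pairs = (ln.split("=", 1) for ln in map(str.strip, conf_text.splitlines())
             if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_tls_conf(conf_text):
    """Return a list of findings; an empty list means the edits look complete."""
    s = active_settings(conf_text)
    findings = [f"{k}: commented out or missing" for k in REQUIRED if k not in s]
    findings += [f"{k}: plain-text listener still active" for k in FORBIDDEN if k in s]
    for key in (k for k in REQUIRED if k.endswith("file") and k in s):
        if "\\" in s[key]:
            findings.append(f"{key}: use forward slashes")
        norm = s[key].replace("\\", "/")
        if not (norm.startswith("/") or norm[1:3] == ":/"):
            findings.append(f"{key}: path is not absolute")
    return findings

# Constructed sample with four deliberate mistakes; all values are placeholders.
SAMPLE = """\
listeners.ssl.default = 5671
num_acceptors.ssl = 10
ssl_options.cacertfile = C:/RabbitMQ/rabbitmq.crt
ssl_options.certfile = C:\\RabbitMQ\\rabbitmq.crt
# ssl_options.keyfile = C:/RabbitMQ/rabbitmq.key
management.tcp.port = 15672
management.ssl.port = 15671
management.ssl.cacertfile = C:/RabbitMQ/rabbitmq.crt
management.ssl.certfile = C:/RabbitMQ/rabbitmq.crt
management.ssl.keyfile = certs/rabbitmq.key
management.ssl.versions.1 = tlsv1.3
management.ssl.versions.2 = tlsv1.2
"""

if __name__ == "__main__":
    print(*check_tls_conf(SAMPLE), sep="\n")
```

To check a real file, pass its contents to check_tls_conf() instead of SAMPLE.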