Enable TLS communication in RabbitMQ

Last updated
Save as PDF

This article applies to:OutSystems 11

To enable TLS you must manually configure the port used by the TLS listener as well as its certificate and corresponding key.

Do the following:

Open the %ALLUSERSPROFILE%\RabbitMQ\advanced.config configuration file;

Add the following lines:

[
{rabbit, [
    {tcp_listeners, []},
    {ssl_listeners, [5671]},
    {ssl_options, [{certfile,"C:\\path\\to\\server\\cert.pem"},
                    {keyfile,"C:\\path\\to\\server\\key.pem"}]}
]}
].

This configuration does the following:

Disables all non-TLS listeners (tcp_listeners);

Note: You must also ensure that the RABBITMQ_NODE_PORT environment variable is not set for this configuration to be effective.
Creates an TLS listener on port 5671 (ssl_listeners);
Configures the certificate and its key to be used by the TLS listener (ssl_options).

To apply these settings, open Configuration Tool and click "Create/Upgrade Service" in the Cache tab.
Alternatively, check Install and configure RabbitMQ using the command-line for more information on how to apply the settings using the command-line.

Configuring the certificate canonical name

If the canonical name used in the certificate does not match the host name of the machine running the RabbitMQ service, you must manually configure a parameter on the server.hsconf file.

Do the following:

In server.hsconf, set the value of the TlsServerCanonicalName parameter in the CacheInvalidationConfiguration section to the certificate canonical name;
Open Configuration Tool and click "Apply & Exit" to apply the new setting.