
Enable TLS communication in RabbitMQ


This article applies to: OutSystems 11

To enable TLS you must manually configure the port used by the TLS listener as well as its certificate and corresponding key.

Do the following:

  1. Open the %ALLUSERSPROFILE%\RabbitMQ\advanced.config configuration file;

  2. Add the following lines:

    [
    {rabbit, [
        {tcp_listeners, []},
        {ssl_listeners, [5671]},
        {ssl_options, [{certfile,"C:\\path\\to\\server\\cert.pem"},
                        {keyfile,"C:\\path\\to\\server\\key.pem"}]}
    ]}
    ].
    

This configuration does the following:

  1. Disables all non-TLS listeners (tcp_listeners);

    Note: You must also ensure that the RABBITMQ_NODE_PORT environment variable is not set for this configuration to be effective.

  2. Creates a TLS listener on port 5671 (ssl_listeners);

  3. Configures the certificate and its key to be used by the TLS listener (ssl_options).

To apply these settings, open Configuration Tool and click "Create/Upgrade Service" in the Cache tab.
Alternatively, see "Install and configure RabbitMQ using the command-line" for how to apply the settings from the command line.

Configuring the certificate canonical name

If the canonical name used in the certificate does not match the host name of the machine running the RabbitMQ service, you must manually configure a parameter in the server.hsconf file.

Do the following:

  1. In server.hsconf, set the value of the TlsServerCanonicalName parameter in the CacheInvalidationConfiguration section to the certificate canonical name;

  2. Open Configuration Tool and click "Apply & Exit" to apply the new setting.
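
An added example, not part of the original article or of OutSystems or RabbitMQ tooling: a PowerShell check of the advanced.config settings and the certificate name covered in the two procedures above. The function name Test-RabbitTlsConfig, its parameters and the sample text are constructed for illustration; it assumes the "canonical name" is the certificate subject's common name (CN) and that the quoted paths contain no % character.

```powershell
# Added example (not OutSystems or RabbitMQ code): audits the settings described above.
function Test-RabbitTlsConfig {
    param(
        [Parameter(Mandatory)][string]$ConfigText,   # contents of advanced.config
        [int]$TlsPort = 5671,
        [string]$NodePort = $env:RABBITMQ_NODE_PORT, # must be empty for tcp_listeners to apply
        [string]$HostName = $env:COMPUTERNAME,       # name the certificate is compared with
        [switch]$CheckFiles                          # also open certfile/keyfile on disk
    )
    # Drop Erlang comments (% to end of line) so a commented-out setting does not count.
    # Assumption: the quoted paths contain no '%' character.
    $text = ($ConfigText -split "`r?`n" | ForEach-Object { $_ -replace '%.*$', '' }) -join "`n"
    $findings = [System.Collections.Generic.List[string]]::new()
    if ($text -notmatch '\{\s*tcp_listeners\s*,\s*\[\s*\]\s*\}') {
        $findings.Add('tcp_listeners is missing or not []: non-TLS listeners are not disabled')
    }
    if ($NodePort) { $findings.Add("RABBITMQ_NODE_PORT is set ($NodePort): remove it") }
    if ($text -match '\{\s*ssl_listeners\s*,\s*\[([^\]]*)\]\s*\}') {
        $ports = [regex]::Matches($Matches[1], '\d+') | ForEach-Object { [int]$_.Value }
        if ($ports -notcontains $TlsPort) { $findings.Add("ssl_listeners lacks port $TlsPort") }
    } else { $findings.Add('ssl_listeners is missing: no TLS listener is created') }
    foreach ($key in 'certfile', 'keyfile') {
        if ($text -notmatch "\{\s*$key\s*,\s*""([^""]+)""\s*\}") {
            $findings.Add("ssl_options has no $key"); continue
        }
        $path = $Matches[1] -replace '\\\\', '\'     # Erlang escape \\ -> \
        if (-not $CheckFiles) { continue }
        if (-not (Test-Path -LiteralPath $path)) { $findings.Add("$key not found: $path"); continue }
        if ($key -eq 'certfile') {
            # Assumption: the "canonical name" is the certificate subject's common name (CN).
            $cert = [Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
            $cn = $cert.GetNameInfo([Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
            if ($cn -ne $HostName) { $findings.Add("CN '$cn' differs from '$HostName': set TlsServerCanonicalName") }
        }
    }
    $findings
}
# Constructed sample: the article's configuration, but with tcp_listeners commented out.
$sample = @'
[
{rabbit, [
    %% {tcp_listeners, []},
    {ssl_listeners, [5671]},
    {ssl_options, [{certfile,"C:\\path\\to\\server\\cert.pem"},
                    {keyfile,"C:\\path\\to\\server\\key.pem"}]}
]}
].
'@
Test-RabbitTlsConfig -ConfigText $sample -NodePort ''
```

To audit the real file, pass -ConfigText (Get-Content -Raw "$env:ALLUSERSPROFILE\RabbitMQ\advanced.config") together with -CheckFiles. An empty result means none of the checks raised a finding.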
