The security team requires SSL on RabbitMQ, and the Java code must connect using the SSL key.
Environment:
Operating system | IP | Hostname | Configuration | RabbitMQ version |
---|---|---|---|---|
centos 6.9 | 192.168.31.7 | mq_01 | 1 core 2g | 3.8.2 |
centos 6.9 | 192.168.31.216 | mq_02 | 1 core 2g | 3.8.2 |
centos 6.9 | 192.168.31.214 | mq_03 | 1 core 2g | 3.8.2 |
SSL is configured on top of the environment built in the previous article:
https://www.cnblogs.com/xiao987334176/p/12304608.html
An article online mentions a GitHub project that can generate a certificate with one click:
https://github.com/Berico-Technologies/CMF-AMQP-Configuration.git
But the generated certificate fails the code test.
Therefore, I found a RabbitMQ SSL project on GitHub that provides certificates. Using the certificates it contains, the code test passes.
The link is as follows:
https://github.com/Nepitwin/RabbitSSL
It provides Python scripts and 3 certificate files:
ca_certificate.pem
client_certificate.pem
client_key.pem
Next, I will load these 3 files into rabbitmq
mkdir /etc/rabbitmq/cert
Put the 3 certificate files in this directory
vi /etc/rabbitmq/rabbitmq.config
The full content is as follows:
[{rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [
        {cacertfile, "/etc/rabbitmq/cert/ca_certificate.pem"},
        {certfile, "/etc/rabbitmq/cert/client_certificate.pem"},
        {keyfile, "/etc/rabbitmq/cert/client_key.pem"},
        {verify, verify_peer},
        {fail_if_no_peer_cert, true}
    ]}
]}].
Restart rabbitmq
/etc/init.d/rabbitmq-server restart
Log in to any node and check the listener from the command line:
# ss -tunlp|grep 5671
tcp LISTEN 0 128 :::5671 :::* users:(("beam.smp",27893,96))
After logging in, click "Ports and contexts" below; port 5671 is listed there.
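An added example, not part of the original article: a Python audit of the classic-format rabbitmq.config shown above. It reports whether the TLS listener enforces client certificates, whether the default plaintext listener on 5672 is still open (adding ssl_listeners does not close it), and whether the private key file is accessible beyond its owner. The function names and the regex-based parsing are assumptions of this example; Erlang comments and nested lists are not handled.

```python
import os
import re
import stat

# The rabbitmq.config from this page, reproduced with line breaks as sample input.
PAGE_CONFIG = '''[{rabbit,[{ssl_listeners,[5671]},{ssl_options,[
  {cacertfile,"/etc/rabbitmq/cert/ca_certificate.pem"},
  {certfile,"/etc/rabbitmq/cert/client_certificate.pem"},
  {keyfile,"/etc/rabbitmq/cert/client_key.pem"},
  {verify,verify_peer},{fail_if_no_peer_cert,true}]}]}].'''


def setting(text, key):
    """Value of the first {key,Value} tuple: an atom, "string" or flat [list]."""
    pattern = r'\{\s*%s\s*,\s*("[^"]*"|\[[^\]]*\]|\w+)\s*\}' % re.escape(key)
    match = re.search(pattern, text)
    return match.group(1).strip('"') if match else None


def audit_config(text):
    """Return findings for a classic-format (Erlang term) rabbitmq.config."""
    findings = []
    if not (setting(text, "ssl_listeners") or "").strip("[] "):
        findings.append("no TLS listener configured")
    # ssl_listeners adds a port; 5672 stays open unless tcp_listeners is [].
    tcp = setting(text, "tcp_listeners")
    if tcp is None or tcp.strip("[] "):
        findings.append("plaintext AMQP listener still enabled")
    if setting(text, "verify") != "verify_peer":
        findings.append("client certificates are not verified")
    if setting(text, "fail_if_no_peer_cert") != "true":
        findings.append("clients without a certificate are accepted")
    return findings


def key_file_findings(path):
    """Flag a private key that is missing or accessible beyond its owner."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return ["key file not found: %s" % path]
    if mode & 0o077:
        return ["key file %s has mode %o, expected 600" % (path, mode)]
    return []


if __name__ == "__main__":
    key = setting(PAGE_CONFIG, "keyfile")
    for finding in audit_config(PAGE_CONFIG) + key_file_findings(key):
        print("FINDING:", finding)
```

Key material copied from a public repository is known to anyone who can read that repository, so these checks say nothing about whether the key itself is still secret.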
Reference links for this article:
https://blog.csdn.net/tiantang_1986/article/details/83996202
https://www.cnblogs.com/wyt007/p/9086250.html