The aim of this guide is to explain how to configure Abiquo to work with RabbitMQ with TLS.

Purpose

The aim of this guide is to explain how to configure Abiquo as client of a RabbitMQ with TLS enabled. You can follow the guide in the RabbitMQ documentation to configure RabbitMQ TLS from the server side. Example of rabbitmq.config:

[
  {rabbit, [
     {tcp_listeners, [{"127.0.0.1",5672}]},
     {ssl_listeners, [{"10.60.12.5",5671}]},
     {ssl_options, [{cacertfile,"/opt/testca/cacert.pem"},
                    {certfile,"/opt/server/cert.pem"},
                    {keyfile,"/opt/server/key.pem"},
                    {verify,verify_peer},
                    {password, "changeit"},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

Note: Ensure that RabbitMQ has the right permissions to read the cert/key files.

          The password TLS option will be needed if your private key has a password, if you don't have a password setup for your private key just remove it

Properties

The properties below only apply if the value of the system property 'abiquo.rabbitmq.tls' is true.

Configurations

Plain TCP

This is the default configuration with no SSL enabled. The default values match this configuration but you should ensure that 'abiquo.rabbitmq.tls' value is false.

Trust all certificates

In this configuration Abiquo will connect without validating the server certificate and without presenting any client certificates.

Use trust manager to validate server certificates

In this configuration Abiquo will connect validating the server certificate and without presenting any client certificate. You can find an example of how to import your server certificate to your keystore on the RabbitMQ website in the section "Presenting and validating certificates".