Setting up https / SSL for rabbitmq on windows

907 views
Skip to first unread message

Crimzin

unread,
Feb 23, 2022, 1:50:09 AM2/23/22
to rabbitmq-users
I need some assistance in the config to setup HTTPS.

Not sure what I am missing. I have wildcard certificates that I own.

I don't necessarily need to use TLS

Please see config file below.

Any help would be greatly appreciated.
Thank you

# ======================================
# Core broker section
# ======================================
listeners.tcp.default = 5672
listeners.ssl.default = 5671

# ======================================
# SSL Setup
# ======================================
ssl_options.cacertfile = C:\RabbitMQData\certs\*********.co.za\ca.crt
ssl_options.certfile   = C:\RabbitMQData\certs\ *********.co.za\ *********.cert
ssl_options.keyfile    = C:\RabbitMQData\certs\ *********.co.za\ *********.key
ssl_options.verify     = verify_peer
ssl_options.fail_if_no_peer_cert = true

# ======================================
# Cluster name
# ======================================
cluster_name = ****-Cluster1.*********.co.za

# ======================================
# Default User / VHost
# ======================================
default_user =  *********
default_pass =   *********

# ======================================
# Resource Limits & Flow Control
# ======================================
vm_memory_high_watermark.absolute = 8GB

disk_free_limit.absolute = 16GB

# ======================================
# Clustering
# ======================================
# cluster_partition_handling = ignore
# cluster_partition_handling = pause_minority
# cluster_partition_handling = pause_if_all_down

cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config
cluster_formation.classic_config.nodes.1 = rabbit@****-Cluster1. *********.co.za
cluster_formation.classic_config.nodes.2 = rabbit@****-Cluster2. *********.co.za
cluster_formation.classic_config.nodes.3 = rabbit@****-Cluster3. *********.co.za

Wes Peng

unread,
Feb 23, 2022, 1:53:18 AM2/23/22
to rabbitm...@googlegroups.com
What’s the version and error log?

Thanks 

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/043a18d4-1a12-4713-b64d-cbe0975ee564n%40googlegroups.com.

Crimzin

unread,
Feb 23, 2022, 2:08:41 AM2/23/22
to rabbitmq-users
Hi there,

versions  RabbitMQ 3.9.12Erlang 24.2 windows server 2019

I attached the log.

I own proper wildcard certificates

Thank you so much for assisting me

rabbit@####-Cluster1.#####.co.za.log

Adam Cammack

unread,
Feb 24, 2022, 12:54:02 PM2/24/22
to rabbitm...@googlegroups.com

Thanks for the info! To set up HTTPS for the management API, you will need to use the management.ssl.* settings in the config file: https://rabbitmq.com/management.html#single-listener-https. If you need browser access to the message queues, you may be looking for https://rabbitmq.com/web-stomp.html#tls or https://rabbitmq.com/web-mqtt.html#tls.

 

The errors at the end of the log are related to using non-TLS client connections for TLS listeners:

 

> 2022-02-23 08:36:03.600000+02:00 [notice] <0.12098.3> TLS server: In state hello at tls_record.erl:564 generated SERVER ALERT: Fatal - Unexpected Message

> 2022-02-23 08:36:03.600000+02:00 [notice] <0.12098.3>  - {unsupported_record_type,71}

 

The "71" here is the ASCII letter "G", likely from a plain HTTP "GET" request.

 

Hope this helps,

Adam

Reply all
Reply to author
Forward
0 new messages