6.3 Creating Certificates for RabbitMQ

Certificates are needed to enable TLS for secure messaging between RabbitMQ, ManagerFC, AgentFC, and the Web Application.

  1. At the root of the FileReporter_4.0.iso image, double-click CertificateGenerator.exe.

  2. In the Subject Name field, enter the DNS for the RabbitMQ service.

  3. (Optional) Modify the settings in the other fields.

  4. Click Generate.

    Certificate: Information pertaining to the certificate that is to be generated.

    File Name: The default name and path of the certificate to be generated. If you choose, you can modify the name and path.

    Private Key: Information and settings pertaining to the private key.

    Save private key in separate file: When selected, this option saves the private key as a separate file from the certificate.

    For use with RabbitMQ, having a separate key file might be less confusing.

    File Name: The default name and path of the private key to be generated. If you choose, you can modify the name and path.

    Save To File: Information and the means of saving the certificate and private key.

    Target Folder: The default file path for the certificate and if specified, the private key. If you choose, you can modify the path.

    Browse: Click to specify a new location for the certificate and if specified, the private key.

  5. Make any needed modifications to the settings and click Save Files.

    If one of the files already exists, you are prompted to overwrite it.

  6. When notified that the files have been saved, click OK.

  7. Click Finish.

    You will be notified if you have not yet saved your certificate files.

  8. From the location where the files were generated, copy them to a folder on the RabbitMQ system.

    For example, copy them to the RabbitMQ folder that is created when you extract the RabbitMQ-3.8.xx.zip file.

  9. Edit the rabbitmq.conf file located in the rabbitmq\base folder where RabbitMQ was extracted (if using the provided archive).

  10. Modify the entries for ssl_options.*

    Note that paths are absolute and use forward slashes.

    Uncomment the following lines:

    • ssl_options.cacertfile
    • ssl_options certfile
    • ssl_options.keyfile
    • num_acceptors.ssl
    • listeners.ssl.default

  11. Modify the entries for management.* interface.

    Note that paths are absolute and use forward slashes.

    Comment the following lines:

    management.tcp.port

    management.tcp.ip

    Uncomment the following lines:

    • management.ssl.port
    • management.ssl.cacertfile
    • management.ssl.certfile
    • management.ssl.keyfile
    • management.ssl.versions.1

  12. Specify the certificate and private key.

    1. In the SSL Options section, modify the paths pertaining to ssl_options.cacertfile and ssl_options.certfile with the path to the certificate you created in Step 5.

    2. While still in the SSL Options section, modify the path pertaining to ssl_options.keyfile to the private key that you created in Step 5.

    3. In the Management Interface / REST API section, modify the paths pertaining to management.ssl.cacertfile and management.ssl.certfile with the path to the certificate you created in Step 5.

    4. While still in the Management Interface / REST API section, modify the path pertaining to management.ssl.keyfile with the path of the private key you created in Step 5.

  13. Save any modifications you have made to the configuration file.

  14. Close the editor.

  15. Proceed with Section 6.4, Installing Rabbit MQ.