Configure RabbitMQ for SSL/TLS - Precisely_EnterWorks - EnterWorks - 11.0

EnterWorks Guide

Product type: Software
Portfolio: Verify
Product family: EnterWorks
Product: Precisely EnterWorks (EnterWorks™ software)
Version: 11.0
Copyright: 2024
First publish date: 2007
Last edition: 2025-01-21
Last publication: 2025-01-21
Warning: Configuring EnterWorks to use SSL and configuring RabbitMQ to use SSL are two independent procedures. Configuring one does not configure the other. You cannot use the EnterWorks SSL certificate files to configure RabbitMQ to use SSL.

The instructions given here are the recommended method of configuring RabbitMQ in an EnterWorks environment. Instructions for configuring RabbitMQ for SSL/TLS are also provided on the RabbitMQ website: https://www.rabbitmq.com/ssl.html.

To configure RabbitMQ for SSL/TLS:

  1. If you have not yet obtained valid SSL configuration files for RabbitMQ, obtain them. Do not use the EnterWorks certificate files; you must obtain files specifically for RabbitMQ.
    • The encryption certificate files must be in PEM format and must be named as specified:
      • rabbitCA.pem
      • serverkey.pem
      • server.pem
      • client.pem
    • The following keystore files must be in PKCS12 format. The use of passwords is supported, but passwords are not necessary.
      • client.p12
      • server.p12
  2. Move to the server that is hosting RabbitMQ.
  3. Copy the configuration files to their respective folders.
    Warning: To simplify maintenance, it is highly recommended that you place your certificate files in the folder:
    <drive>:\Enterworks\certs\rabbitmq\
    as shown below. However, you can place the certificates in a different folder. Do not place them in the same folder as the EnterWorks certificates:
    <drive>:\Enterworks\certs\
    1. Copy the PEM certificate files:
      • rabbitCA.pem
      • server.pem
      • serverkey.pem
      to the folder:
      <drive>:\Enterworks\certs\rabbitmq\
    2. Copy the file:
      client.pem
      to the folder:
      <drive>:\Enterworks\certs\rabbitmq\client
    3. Copy the files:
      • client.p12
      • server.p12
      to the folder:
      <drive>:\Enterworks\certs\rabbitmq\secure\client
  4. Open the RabbitMQ configuration file for editing:
    <drive>:\Users\<username>\AppData\Roaming\RabbitMQ\rabbitmq.conf 
    where <username> is the name of the user who installed RabbitMQ. RabbitMQ should have been installed by the Administrator user. However, you may need to search the hidden folders and files of the server's other users before you find it.
  5. Edit rabbitmq.conf and set the following settings as shown:
    # disables non-TLS listeners, only TLS-enabled clients will be able to connect
    listeners.tcp = none
    
    listeners.ssl.default = 5671
    loopback_users=none
    
    ## SSL Configuration
    ssl_options.verify = verify_peer
    ssl_options.fail_if_no_peer_cert = false
    ssl_options.cacertfile = <drive>:/Enterworks/certificate/rabbitCA.pem
    ssl_options.certfile = <drive>:/Enterworks/certificate/server.pem
    ssl_options.keyfile = <drive>:/Enterworks/certificate/serverkey.pem
    ssl_options.versions.1 = tlsv1.3
    
    ## TLS handshake timeout, in milliseconds. ##
    ssl_handshake_timeout = 10000
    
    ## Maximum amount of time allowed for the AMQP 0-9-1 and AMQP 1.0 handshake
    ## (performed after socket connection and TLS handshake) to complete, in milliseconds. ##
    handshake_timeout = 10000
  6. Update all the microservice create-service scripts. On each server that hosts one or more microservices:
    1. For each create-<service-name>-service.cmd script in the folder:
      <drive>:\Enterworks\enable2020\services\install
      set the RabbitMQ SSL port and the location of the PEM certificate files:
      REM ### Port enabled on the RabbitMQ server for TLS/SSL
      -rabbitSSLPort=5671
      
      REM ### Location where the client.pem, key.pem (client certificate key) and rabbitCA.pem files are placed
      -rabbitClientKeys=<drive>:\Enterworks\certificate\client ^
    2. Use the create-<service-name>-service.cmd script.
  7. Update the shared configuration properties as indicated below. If you do not have a password for client.p12 or server.p12, leave the setting empty.
    ##########################################################################
    # SSL Connection Settings
    ##########################################################################
    # rabbit connection settings
    amqp.sslEnabled=true
    
    # client connection settings
    #Location of client SSL file.
    amqp.clientCert=<drive>:\Enterworks\certificate\secure\client\client.p12
    #Client SSL password.
    amqp.clientPw=password12
    #SSL file format type.
    amqp.clienCertType=PKCS12
    
    # rabbit connection settings
    #Location of Server SSL file.
    amqp.serverCert=<drive>:\Enterworks\certificate\secure\client\server.p12
    #Server SSL password.
    amqp.serverPw=password12
    #SSL file format type.
    amqp.serverCertType=PKCS12
    #RabbitMQ supported SSL
    amqp.rabbitSSLPort=5671
    
    #TLS version supported for creation of SSL
    amqp.tlsVersion=TLSv1.3	
  8. Restart EnterWorks Services
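
The following check is an added example, not part of the EnterWorks or RabbitMQ documentation. It parses rabbitmq.conf (step 5) and the shared configuration properties (step 7) and reports settings that leave the plaintext listener open, point to certificate files outside the folder chosen in step 3, or disagree between broker and clients on port or TLS version. The drive letter D:, the sample file contents and the function names are assumptions made for the example.

```python
def parse_kv(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip()
    return out

def norm(path):  # compare Windows paths regardless of slash direction and case
    return path.replace("\\", "/").rstrip("/").lower()

def audit(rabbit_conf, shared_props, cert_dir):
    """Return findings for the TLS settings of steps 5 and 7 (hypothetical helper)."""
    r, p, findings = parse_kv(rabbit_conf), parse_kv(shared_props), []
    if r.get("listeners.tcp") != "none":
        findings.append("listeners.tcp is not 'none': plaintext AMQP listener stays open")
    if r.get("ssl_options.verify") != "verify_peer":
        findings.append("ssl_options.verify is not verify_peer: client certificates are not validated")
    if r.get("ssl_options.fail_if_no_peer_cert") != "true":
        findings.append("note: fail_if_no_peer_cert is not true, clients without a certificate are accepted")
    for key in ("cacertfile", "certfile", "keyfile"):
        path = r.get("ssl_options." + key, "")
        if not norm(path).startswith(norm(cert_dir) + "/"):
            findings.append(f"ssl_options.{key} = {path!r} is not under {cert_dir}")
    versions = {v.lower() for k, v in r.items() if k.startswith("ssl_options.versions.")}
    if p.get("amqp.sslEnabled") != "true":
        findings.append("amqp.sslEnabled is not true: clients will not use TLS")
    if p.get("amqp.rabbitSSLPort") != r.get("listeners.ssl.default"):
        findings.append("amqp.rabbitSSLPort does not match listeners.ssl.default")
    if p.get("amqp.tlsVersion", "").lower() not in versions:
        findings.append("amqp.tlsVersion is not among ssl_options.versions")
    return findings

# Constructed sample: step 5 settings with paths in step 3's recommended folder, drive D: assumed
RABBIT_CONF = """\
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
ssl_options.cacertfile = D:/Enterworks/certs/rabbitmq/rabbitCA.pem
ssl_options.certfile = D:/Enterworks/certs/rabbitmq/server.pem
ssl_options.keyfile = D:/Enterworks/certs/rabbitmq/serverkey.pem
ssl_options.versions.1 = tlsv1.3
"""
SHARED_PROPS = "amqp.sslEnabled=true\namqp.rabbitSSLPort=5671\namqp.tlsVersion=TLSv1.3\n"
if __name__ == "__main__":
    print("\n".join(audit(RABBIT_CONF, SHARED_PROPS, r"D:\Enterworks\certs\rabbitmq")))
```

With the sample above, the only finding is the note about `ssl_options.fail_if_no_peer_cert = false`: the broker validates a client certificate when one is presented but still accepts clients that present none. If the `ssl_options.*` paths are left as `<drive>:/Enterworks/certificate/...` while the files were copied to `<drive>:\Enterworks\certs\rabbitmq\`, each of the three paths is reported.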