5 min,  RMQ

RabbitMQ Shovels sends messages to other RabbitMQ Server despite certificates expired (google.com)

RabbitMQ Shovels sends messages to other RabbitMQ Server despite certificates expired (google.com)

(User )When add the amqp_client.ssl_options to the rabbitmq.conf, the service wont start at all.
It might just be the syntax since i have not found an example.
I attached the conf file.
Thanks
listeners.ssl.default = 5671
ssl_options.cacertfile = C:/Certificates/converted/TestDevelopment_0000_Root.pem
ssl_options.certfile = C:/Certificates/converted/public-TestDevelopment_0000.pem
ssl_options.keyfile = C:/Certificates/converted/private-TestDevelopment_0000.pem
ssl_options.verify = verify_peer
Do not require client certificates
ssl_options.fail_if_no_peer_cert = true
amqp_client.ssl_options.cacertfile = c:/certificates/converted/testdevelopment_0000_root.pem
amqp_client.ssl_options.certfile = c:/certificates/converted/public-testdevelopment_0000.pem
amqp_client.ssl_options.keyfile = c:/certificates/converted/private-testdevelopment_0000.pem
amqp_client.ssl_options.verify = verify_peer
amqp_client.ssl_options.fail_if_no_peer_cert = true
“dest-uri”: “amqps://ttadmin:teamt@MAFBSVQADB02:5671/Project-0000_TestDevelopment-Server”,
“src-uri”: “amqp://ttadmin:teamt@MAFBSPQAFE01:5672/Project-0000_TestDevelopment-PM-1”
(AMQP expert)Yes, you will have to enable server verification for your amqps URIs, like this – https://www.rabbitmq.com/uri-query-parameters.html#basics
(AMQP expert)Hello,
RabbitMQ probably logs why it won’t start. Did you check the log file?
I meant for you to change your shovel URI strings instead, but your method should work. However, the documentation states that you must specify amqp_client settings in the advanced.config file, not in the rabbitmq.conf file!
Create a file named advanced.config in the same directory as your rabbitmq.conf file with this content, remove the invalid settings from rabbitmq.conf, and restart:
[
{amqp_client, [
{ssl_options, [
{cacertfile, “c:/certificates/converted/testdevelopment_0000_root.pem”},
{certfile, “c:/certificates/converted/public-testdevelopment_0000.pem”},
{keyfile, “c:/certificates/converted/private-testdevelopment_0000.pem”},
{verify, verify_peer},
{fail_if_no_peer_cert, true}
]}
]}
].
You should use these settings on the servers that are using amqps:// URIs for their shovels.
(User)Thanks for the information. I will return to this question on Friday.

Comments Off on RabbitMQ Shovels sends messages to other RabbitMQ Server despite certificates expired (google.com)