RabbitMQ Shovels sends messages to other RabbitMQ Server despite certificates expired (google.com)
(User) When I add the amqp_client.ssl_options to the rabbitmq.conf, the service won't start at all. It might just be the syntax since I have not found an example. I attached the conf file. Thanks

    listeners.ssl.default = 5671
    ssl_options.cacertfile = C:/Certificates/converted/TestDevelopment_0000_Root.pem
    ssl_options.certfile = C:/Certificates/converted/public-TestDevelopment_0000.pem
    ssl_options.keyfile = C:/Certificates/converted/private-TestDevelopment_0000.pem
    ssl_options.verify = verify_peer
    # Do not require client certificates
    ssl_options.fail_if_no_peer_cert = true
    amqp_client.ssl_options.cacertfile = c:/certificates/converted/testdevelopment_0000_root.pem
    amqp_client.ssl_options.certfile = c:/certificates/converted/public-testdevelopment_0000.pem
    amqp_client.ssl_options.keyfile = c:/certificates/converted/private-testdevelopment_0000.pem
    amqp_client.ssl_options.verify = verify_peer
    amqp_client.ssl_options.fail_if_no_peer_cert = true

    "dest-uri": "amqps://ttadmin:teamt@MAFBSVQADB02:5671/Project-0000_TestDevelopment-Server",
    "src-uri": "amqp://ttadmin:teamt@MAFBSPQAFE01:5672/Project-0000_TestDevelopment-PM-1" |
(AMQP expert) Yes, you will have to enable server verification for your amqps URIs, like this – https://www.rabbitmq.com/uri-query-parameters.html#basics |
(AMQP expert) Hello, RabbitMQ probably logs why it won’t start. Did you check the log file? I meant for you to change your shovel URI strings instead, but your method should work. However, the documentation states that you must specify amqp_client settings in the advanced.config file, not in the rabbitmq.conf file! Create a file named advanced.config in the same directory as your rabbitmq.conf file with this content, remove the invalid settings from rabbitmq.conf, and restart:

    [
      {amqp_client, [
        {ssl_options, [
          {cacertfile, "c:/certificates/converted/testdevelopment_0000_root.pem"},
          {certfile, "c:/certificates/converted/public-testdevelopment_0000.pem"},
          {keyfile, "c:/certificates/converted/private-testdevelopment_0000.pem"},
          {verify, verify_peer},
          {fail_if_no_peer_cert, true}
        ]}
      ]}
    ].

You should use these settings on the servers that are using amqps:// URIs for their shovels. |
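An added example, not part of the thread or of RabbitMQ itself: a small audit that reads a shovel definition and reports which `src-uri`/`dest-uri` entries are plaintext or lack the `verify` and `cacertfile` query parameters from the URI query parameter documentation linked above. It assumes peer verification is configured per URI (it does not read `advanced.config`), and the sample hosts, credentials and CA path are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like a shovel definition; hosts, vhosts,
# credentials and the CA path are placeholders, not values from the thread.
SAMPLE = {
    "src-uri": "amqp://user:secret@src.example:5672/vhost-a",
    "dest-uri": [
        "amqps://user:secret@dst.example:5671/vhost-b",
        "amqps://user:secret@dst.example:5671/vhost-b"
        "?cacertfile=C:/certs/root.pem&verify=verify_peer",
    ],
}

def redact(uri):
    """Drop userinfo and query so reports never echo shovel credentials."""
    p = urlsplit(uri)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}{p.path}"

def audit_uri(uri):
    """Return findings for one shovel URI; an empty list means it passed."""
    p = urlsplit(uri)
    if p.scheme == "amqp":
        return ["plaintext amqp://, no TLS on this leg"]
    if p.scheme != "amqps":
        return [f"unexpected scheme {p.scheme!r}"]
    query = parse_qs(p.query)
    findings = []
    if query.get("verify", [""])[-1] != "verify_peer":
        findings.append("verify=verify_peer not set in the URI")
    if "cacertfile" not in query:
        findings.append("cacertfile not set in the URI")
    return findings

def audit_shovel(definition):
    """Check src-uri and dest-uri; each may be a string or a list of strings."""
    report = []
    for key in ("src-uri", "dest-uri"):
        value = definition.get(key, [])
        for uri in [value] if isinstance(value, str) else value:
            report.append((key, redact(uri), audit_uri(uri)))
    return report

if __name__ == "__main__":
    for key, uri, findings in audit_shovel(SAMPLE):
        print(key, uri, "OK" if not findings else "; ".join(findings))
```

A URI that is flagged here may still be covered by global `amqp_client` `ssl_options` in `advanced.config`, so treat the findings as a list of URIs to review rather than a verdict.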
(User) Thanks for the information. I will return to this question on Friday. |