
RabbitMQ Shovels sends messages to other RabbitMQ Server despite certificates expired (google.com)

Last updated on November 5, 2022


(User) When I add the amqp_client.ssl_options to the rabbitmq.conf, the service won't start at all.
It might just be the syntax since I have not found an example.
I attached the conf file.
Thanks
listeners.ssl.default = 5671
ssl_options.cacertfile = C:/Certificates/converted/TestDevelopment_0000_Root.pem
ssl_options.certfile = C:/Certificates/converted/public-TestDevelopment_0000.pem
ssl_options.keyfile = C:/Certificates/converted/private-TestDevelopment_0000.pem
ssl_options.verify = verify_peer
# Do not require client certificates
ssl_options.fail_if_no_peer_cert = true
amqp_client.ssl_options.cacertfile = c:/certificates/converted/testdevelopment_0000_root.pem
amqp_client.ssl_options.certfile = c:/certificates/converted/public-testdevelopment_0000.pem
amqp_client.ssl_options.keyfile = c:/certificates/converted/private-testdevelopment_0000.pem
amqp_client.ssl_options.verify = verify_peer
amqp_client.ssl_options.fail_if_no_peer_cert = true
"dest-uri": "amqps://ttadmin:teamt@MAFBSVQADB02:5671/Project-0000_TestDevelopment-Server",
"src-uri": "amqp://ttadmin:teamt@MAFBSPQAFE01:5672/Project-0000_TestDevelopment-PM-1"
(AMQP expert) Yes, you will have to enable server verification for your amqps URIs, like this – https://www.rabbitmq.com/uri-query-parameters.html#basics
(AMQP expert) Hello,
RabbitMQ probably logs why it won't start. Did you check the log file?
I meant for you to change your shovel URI strings instead, but your method should work. However, the documentation states that you must specify amqp_client settings in the advanced.config file, not in the rabbitmq.conf file!
Create a file named advanced.config in the same directory as your rabbitmq.conf file with this content, remove the invalid settings from rabbitmq.conf, and restart:
[
  {amqp_client, [
    {ssl_options, [
      {cacertfile, "c:/certificates/converted/testdevelopment_0000_root.pem"},
      {certfile, "c:/certificates/converted/public-testdevelopment_0000.pem"},
      {keyfile, "c:/certificates/converted/private-testdevelopment_0000.pem"},
      {verify, verify_peer},
      {fail_if_no_peer_cert, true}
    ]}
  ]}
].
You should use these settings on the servers that are using amqps:// URIs for their shovels.
(User) Thanks for the information. I will return to this question on Friday.
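
An added example, not part of the thread and not RabbitMQ code: a Python check over shovel definitions that flags URIs missing the peer-verification query parameters (`verify`, `cacertfile`) from the URI documentation the expert links. The shovel names, hosts, credentials and paths are constructed placeholders. The check reads the URIs only and cannot see `amqp_client` defaults set in advanced.config.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like the src-uri/dest-uri pair quoted in the thread.
SAMPLE_SHOVELS = {
    "to-server": {
        "src-uri": "amqp://user:pass@src.example:5672/vhost-a",
        "dest-uri": "amqps://user:pass@dst.example:5671/vhost-b",
    },
    "to-server-verified": {
        "src-uri": "amqps://user:pass@src.example:5671/vhost-a"
                   "?cacertfile=C:/certs/root.pem&verify=verify_peer",
        # A shovel URI field may also be a list of URIs.
        "dest-uri": ["amqps://dst.example:5671"
                     "?cacertfile=C:/certs/root.pem&verify=verify_none"],
    },
}

def audit_uri(uri):
    """Return TLS findings for one shovel URI (empty list means none)."""
    parts = urlsplit(uri)
    if parts.scheme == "amqp":
        if not parts.hostname:
            return []  # bare amqp:// is a direct connection to the local node
        note = "plaintext amqp:// to a remote host"
        if parts.username:
            note += ", credentials cross the network unencrypted"
        return [note]
    if parts.scheme != "amqps":
        return [f"unexpected scheme {parts.scheme!r}"]
    query = parse_qs(parts.query)
    findings = []
    if query.get("verify", [""])[-1] != "verify_peer":
        findings.append("verify=verify_peer is not set on the URI")
    if "cacertfile" not in query:
        findings.append("no cacertfile on the URI to validate the peer against")
    return findings

def audit_shovels(shovels):
    """Map shovel name -> findings; URIs are never echoed, they hold passwords."""
    report = {}
    for name, definition in shovels.items():
        for key in ("src-uri", "dest-uri"):
            value = definition.get(key, [])
            for uri in ([value] if isinstance(value, str) else value):
                for finding in audit_uri(uri):
                    report.setdefault(name, []).append(f"{key}: {finding}")
    return report

if __name__ == "__main__":
    for shovel, findings in audit_shovels(SAMPLE_SHOVELS).items():
        print(shovel, *findings, sep="\n  ")
```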
