Last updated on November 5, 2022
RabbitMQ Shovels sends messages to other RabbitMQ Server despite certificates expired (google.com)
|(User )When add the amqp_client.ssl_options to the rabbitmq.conf, the service wont start at all.|
It might just be the syntax since i have not found an example.
I attached the conf file.
listeners.ssl.default = 5671
ssl_options.cacertfile = C:/Certificates/converted/TestDevelopment_0000_Root.pem
ssl_options.certfile = C:/Certificates/converted/public-TestDevelopment_0000.pem
ssl_options.keyfile = C:/Certificates/converted/private-TestDevelopment_0000.pem
ssl_options.verify = verify_peer
Do not require client certificates
ssl_options.fail_if_no_peer_cert = true
amqp_client.ssl_options.cacertfile = c:/certificates/converted/testdevelopment_0000_root.pem
amqp_client.ssl_options.certfile = c:/certificates/converted/public-testdevelopment_0000.pem
amqp_client.ssl_options.keyfile = c:/certificates/converted/private-testdevelopment_0000.pem
amqp_client.ssl_options.verify = verify_peer
amqp_client.ssl_options.fail_if_no_peer_cert = true
|(AMQP expert)Yes, you will have to enable server verification for your amqps URIs, like this – https://www.rabbitmq.com/uri-query-parameters.html#basics|
RabbitMQ probably logs why it won’t start. Did you check the log file?
I meant for you to change your shovel URI strings instead, but your method should work. However, the documentation states that you must specify amqp_client settings in the advanced.config file, not in the rabbitmq.conf file!
Create a file named advanced.config in the same directory as your rabbitmq.conf file with this content, remove the invalid settings from rabbitmq.conf, and restart:
You should use these settings on the servers that are using amqps:// URIs for their shovels.
|(User)Thanks for the information. I will return to this question on Friday.|