Reputation: 379
I want to set up a Shovel in which the destination RabbitMQ is configured to be TLS enabled.
I am unable to create a Shovel and the shovel stays in a starting state.
I have two different RabbitMQ instances in two separate Docker containers, one of them exposed via port 5671 (SSL) and 6671 (SSL) from the host machine.
I am using the RabbitMQ management plugin to establish the shovel.
Below are the connection details:
Source AMQP URI:
amqp://admin:pass@localhost:5672 (non-SSL)
Target AMQP URI:
amqps://localhost:6671?cacertfile=/data/shared-file/certificates/ca_certificate.pem&certfile=/data/shared-file/certificates/client_certificate.pem&keyfile=/data/shared-file/certificates/client_key.pem&verify=verify_peer&server_name_indication=MyTestCA
What could be the problem here?
Kindly help
Upvotes: 1
Views: 898
Reputation: 84
If you have added the CAs of your remote server to the RabbitMQ that is initiating the shovel, then try this.
From:
amqps://localhost:6671?cacertfile=/data/sharedfile/certificates/ca_certificate.pem&certfile=/data/sharedfile/certificates/client_certificate.pem&keyfile=/data/sharedfile/certificates/client_key.pem&verify=verify_peer&server_name_indication=MyTestCA
To: Example (encrypted):
amqps://myhost:5671?cacertfile=/path/to/ca_certificate.pem&certfile=/path/to/client_certificate.pem&keyfile=/path/to/client_key.pem&verify=verify_peer&server_name_indication=myhost
https://www.rabbitmq.com/uri-query-parameters.html
http://localhost:15672/#/dynamic-shovels
In the management UI there are URI examples.
amqps://server-name?cacertfile=/path/to/cacert.pem&certfile=/path/to/cert.pem&keyfile=/path/to/key.pem&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external
connect to server-name, with SSL and EXTERNAL authentication
Upvotes: 0
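Added example, not part of the question or the answer: a small Python check that parses a shovel URI and reports the TLS query parameters worth a second look, run here on the two target URIs quoted above. The function name and the rule that `server_name_indication` should equal the URI host are assumptions taken from the answer's corrected example (`amqps://myhost:5671?...&server_name_indication=myhost`).

```python
from urllib.parse import urlsplit, parse_qs

# Target URI from the question and the corrected example from the answer.
QUESTION_URI = (
    "amqps://localhost:6671?cacertfile=/data/shared-file/certificates/ca_certificate.pem"
    "&certfile=/data/shared-file/certificates/client_certificate.pem"
    "&keyfile=/data/shared-file/certificates/client_key.pem"
    "&verify=verify_peer&server_name_indication=MyTestCA"
)
ANSWER_URI = (
    "amqps://myhost:5671?cacertfile=/path/to/ca_certificate.pem"
    "&certfile=/path/to/client_certificate.pem&keyfile=/path/to/client_key.pem"
    "&verify=verify_peer&server_name_indication=myhost"
)


def lint_shovel_uri(uri):
    """Return a list of findings for a shovel URI (hypothetical helper).

    An empty list means none of the checks below fired.
    """
    parts = urlsplit(uri)
    if parts.scheme != "amqps":
        return ["scheme is %r, not amqps: the connection is not TLS" % parts.scheme]

    # Keep the last value if a parameter is repeated.
    params = {k: v[-1] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    host = (parts.hostname or "").lower()
    findings = []

    verify = params.get("verify")
    if verify != "verify_peer":
        findings.append("verify is %r: the server certificate is not validated" % verify)

    # A client certificate is only usable together with its private key.
    if ("certfile" in params) != ("keyfile" in params):
        findings.append("certfile and keyfile must be given together")

    # Assumption from the answer: the SNI value names the server, not the CA.
    sni = params.get("server_name_indication")
    if sni is not None and sni.lower() != host:
        findings.append("server_name_indication %r differs from URI host %r" % (sni, host))
    return findings


if __name__ == "__main__":
    for label, uri in (("question", QUESTION_URI), ("answer", ANSWER_URI)):
        print(label, lint_shovel_uri(uri) or "no findings")
```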