CentOS 7 - RabbitMQ 开启ssl安全认证
生成证书
TLS / SSL证书生成器:
git clone https://github.com/michaelklishin/tls-gen tls-gen
cd /opt
git clone https://github.com/michaelklishin/tls-gen tls-gen
cd tls-gen/basic
# 设置私钥密码(example 仅为示例,请替换为强密码;tls-gen 生成的是自签名 CA 证书,适用于开发/测试环境)
make PASSWORD=example
# 验证
make verify
# 修改有效期(单位:天;需在执行 make 生成证书之前修改,已生成的证书不会受影响,修改后需重新生成)
vim openssl.cnf
default_days = 1825
设置私钥密码时提示
/bin/sh: python3: command not found
需要安装python3
cd /opt/python
tar -Jxf Python-3.8.8.tar.xz
cd Python-3.8.8
# 配置安装位置
./configure prefix=/usr/local/python3
# 安装
make && make install
# 添加 python3 的软链接
ln -s /usr/local/python3/bin/python3.8 /usr/bin/python3
# 添加 pip3 的软链接
ln -s /usr/local/python3/bin/pip3.8 /usr/bin/pip3
# 测试
python3
Python 3.8.8 (default, Mar 5 2021, 13:18:17)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
# 退出
quit()
修改配置文件
下载 rabbitmq.conf 上传到
/etc/rabbitmq
目录下
cd /etc/rabbitmq
# RabbitMQ 3.8 版本使用此格式的 rabbitmq.conf 文件。
vim rabbitmq.conf
# 证书地址(运行 RabbitMQ 的系统用户需能读取这些文件;server_key.pem 为私钥,应限制其他用户的读取权限)
ssl_options.cacertfile = /opt/tls-gen/basic/result/ca_certificate.pem
ssl_options.certfile = /opt/tls-gen/basic/result/server_certificate.pem
ssl_options.keyfile = /opt/tls-gen/basic/result/server_key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
# 私钥密码(与生成证书时的 PASSWORD 一致;此处为明文保存,应限制 rabbitmq.conf 的读取权限)
ssl_options.password = example
ssl_options.versions.1 = tlsv1.3
ssl_options.versions.2 = tlsv1.2
# 默认账户 密码(guest/guest 是众所周知的默认凭据,默认仅允许从 localhost 连接;正式环境应改用自定义账户和强密码。该设置仅在节点首次初始化数据库时生效)
default_user = guest
default_pass = guest
# tcp 默认端口(未加密;保留该监听时客户端仍可通过 5672 明文连接,如需强制使用 TLS,可将下一行改为 listeners.tcp = none)
listeners.tcp.default = 5672
# ssl 默认端口
listeners.ssl.default = 5671
重启RabbitMQ服务(重启后可用 rabbitmq-diagnostics listeners 确认 5671 端口的 TLS 监听已生效)
rabbitmqctl stop
rabbitmq-server -detached