Version: Develop

RabbitMQ TLS/SSL Configuration

Peer Verification

As described in https://www.rabbitmq.com/ssl.html, the operator can set TLS/SSL options that change how a RabbitMQ server handles TLS connections.

In particular, the options rabbitmq.ssl.verify and rabbitmq.ssl.fail_if_no_peer_cert can be set. Their meaning is described in https://www.rabbitmq.com/ssl.html#peer-verification. For example, set rabbitmq.ssl.verify to verify_peer and rabbitmq.ssl.fail_if_no_peer_cert to true to make a RabbitMQ server demand a TLS certificate from any client that connects. In addition, this certificate must have been signed by a certificate authority that the RabbitMQ server trusts.

You can also enable it for existing instances with:

cf update-service [INSTANCE_NAME] -c '{"fail_if_no_peer_cert": true, "verify":"verify_peer"}'
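A pre-flight check for the JSON passed to cf update-service -c, as an added example that is not part of the original documentation: it reports whether the resulting settings require, merely request, or do not request a client certificate. It assumes that keys left out of the update keep the instance's current values and otherwise fall back to RabbitMQ's defaults (verify_none, false); the function name and the strict boolean check are choices of this example.

```python
import json

VERIFY_VALUES = {"verify_none", "verify_peer"}


def client_cert_posture(update_json, current=None):
    """Return (posture, warnings) for the settings that result from the update.

    posture is "required", "optional" or "not requested".
    """
    # Assumption: omitted keys keep the instance's current values; when those
    # are unknown, RabbitMQ's defaults (verify_none, false) are used.
    settings = {"verify": "verify_none", "fail_if_no_peer_cert": False}
    settings.update(current or {})
    settings.update(json.loads(update_json))

    verify = settings["verify"]
    fail = settings["fail_if_no_peer_cert"]
    if verify not in VERIFY_VALUES:
        raise ValueError(f"verify must be one of {sorted(VERIFY_VALUES)}, got {verify!r}")
    if not isinstance(fail, bool):
        # Example's own strictness: "true" (JSON string) is not true (JSON boolean).
        raise ValueError(f"fail_if_no_peer_cert must be a JSON boolean, got {fail!r}")

    warnings = []
    if verify == "verify_peer" and fail:
        posture = "required"        # every client must present a trusted certificate
    elif verify == "verify_peer":
        posture = "optional"        # certificates are checked, but may be absent
        warnings.append("clients without a certificate are still accepted; "
                        "set fail_if_no_peer_cert to true")
    else:
        posture = "not requested"   # the server never asks for a certificate
        if fail:
            warnings.append("fail_if_no_peer_cert has no effect unless "
                            "verify is verify_peer")
    return posture, warnings


if __name__ == "__main__":
    # Constructed inputs: the page's own parameters, then two partial updates.
    for params in ('{"fail_if_no_peer_cert": true, "verify":"verify_peer"}',
                   '{"verify": "verify_peer"}',
                   '{"fail_if_no_peer_cert": true}'):
        print(params, "->", client_cert_posture(params))
```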