RabbitMQ only supports PEM File format for certificate verification. The new PEM file created below will be placed in the
The Examples folder contains a test localhost.pfx. This PFX is strictly for testing TLS on a single machine. You have to import in the Personal/Certificates certificate store since it is not a valid certificate issued by a CA and is not trusted. Any connections made to RabbitMQ when this certificate is used will otherwise fail.
RabbitMQ now supports CNG and/or ECC certificates, however the RabbitMQ Helper needs OpenSSL to convert these types of certificates from PFX. Or OpenSSL can be directly used to do the conversion instead.
For manual conversions, a user can use the following commands:
openssl pkcs12 -in localhost.pfx -nocerts -out cert.key -nodes
openssl pkcs12 -in localhost.pfx -clcerts -nokeys -out cert.pem
Now this conversion can be done with RabbitMQ Helper. You can use the
Convert-CngOrEccToPem command for this conversion. It will generate below two files in the %HomeDirectory%\rabbitmq folder:
OpenSSL must be installed for the conversion using the RabbitMQ Helper command. Also, the path must be set in System Environment Variables (for example,
The converted files will be generated in the RabbitMQ folder present inside the Default Directory (for example,
$path = "$env:programfiles\Delinea Software Ltd\RabbitMq Helper\net6.0\Examples";
$pfxCred = Get-Credential -UserName PfxUserName -Message "Enter the PFX password. Username is ignored";
#$password = ConvertTo-SecureString “PlainTextPassword” -AsPlainText -Force
#$pfxCred = New-Object System.Management.Automation.PSCredential (“Ignored”, $password)
Convert- CngOrEccToPem `
-PfxPath "$path\localhost.pfx" `
-PfxCredential $pfxCred `
- Run Convert-CngOrEccToPem to convert your CNG or ECC PFX certificate to a CngEccCert.key and CngEccCert.pem file. Or you can manually convert using the given OpenSSL commands..
- Follow the Convert a CA Certificate PFX to PEM File instructions to generate your ca.pem file.
Follow the relevant instructions to install RabbitMQ with TLS enabled, using the localhost certs the Examples folder.
- Replace the example CngEccCert.key, CngEccCert.pem, and ca.pem in C:\RabbitMq\ with your files.
- Restart the RabbitMQ service using the