Convert a Host PFX to PEM File

RabbitMQ only supports PEM File format for certificate verification.

The new PEM file created below will be placed into:

%PROGRAMFILES%\Delinea Software Ltd\RabbitMq Site Connector\.

Example Localhost.pfx

The Examples folder contains a test localhost.pfx. This PFX is strictly for testing TLS on a single machine. You must import in the Personal/Certificates certificate store since it is not a valid certificate issued by a CA and is not trusted. Any connections made to RabbitMQ when this certificate is used will otherwise fail.

$path = "$env:programfiles \Program Files\Delinea Software Ltd\RabbitMq Helper\net6.0\Examples”;

$pfxCred = Get-Credential -UserName PfxUserName -Message "Enter the PFX password. Username is ignored"; #$password = ConvertTo-SecureString “PlainTextPassword” -AsPlainText -Force #$pfxCred = New-Object System.Management.Automation.PSCredential (“Ignored”, $password)

Convert-PfxToPem
-PfxPath "$path\localhost.pfx" 
-PfxCredential $pfxCred 
-Verbose;

For more information on certificates, see RabbitMQ TLS Support.

How to Use CNG or ECC Certificates with the Helper

1. Run Convert-CngOrEccToPem to convert your CNG or ECC PFX certificate to a cert.key and cert.pem file.

2. Follow the Convert a CA Certificate PFX to PEM File instructions to generate your ca.pem file.

3. Follow the relevant instructions to install RabbitMq with TLS enabled, using the localhost certs the Examples folder.

   • Advanced installation of RabbitMQ with TLS from a computer connected to the Internet
   • Advanced installation of RabbitMQ with TLS from a computer NOT connected to the Internet

4. Replace the example cert.key, cert.pem, and ca.pem in C:\RabbitMq\ with your files.

5. Restart the RabbitMq service using the Stop-RabbitMq and Start-RabbitMq helper commands.