Installing RabbitMQ Offline with TLS (Advanced)

Downloading the RabbitMQ and and installers

Before you begin, make sure that you download the RabbitMQ and Erlang installers.

Starting from version 10.2.0.0 the -UseDelineaMirror switch is now –UseNonMirror. This change happened because commands are using Delinea download mirror links as the default.

To get the download locations for the installers, run the following command:

Get-DownloadLocations;

To get the official CND mirror download location, run the following command:

Get-DownloadLocations -UseNonMirror;

Copy the offline folder to the target system which does not have internet and proceed with the desired installation.

General TLS requirements

• The certificate used has to match the hostname used by RabbitMq. Wildcard certificates are supported.

• The certificate has to be an RSA with 2048 bit encryption or higher for the RabbitMq Helper to be able to convert it.

  • CNG and/or ECC certificates can be manually converted with OpenSSL, see Convert a CNG or ECC certificate to PEM File

• The certificate chain has to be trusted by both the RabbitMq node and anything connecting to the RabbitMq host.

  • If using self-signed certificated, ensure that the certificates are properly installed in the certificate store.

$path = "C:\Program Files\Delinea Software Ltd\RabbitMq Helper\net6.0"
$username = "<SITE CONNECTOR USERNAME FROM SECRET SERVER>" 
$password = "<SITE CONNECTOR PASSWORD FROM SECRET SERVER>"

# Create a PSCredential object to use for the installation
$cred = New-Object System.Management.Automation.PSCredential ($username, (ConvertTo-SecureString -String $password -AsPlainText -Force))
 
# FQDN which will be used by clients connecting to this RabbitMq host. *It has to match the subject name in the PFX*
$fqdn = "fullyqualifieddomainname.in.the.pfx";
$certpath = $path; 

#(the password for the example localhost.pfx certificate is "password1")
#if you don't want to be prompted you can hardcode your credential in the script
#$password = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
#$pfxCred = New-Object System.Management.Automation.PSCredential ("Ignored", $password)
 
Install-Connector `
    -Hostname $fqdn `
    -Credential $cred `
    -UseTls `
    -CaCertPath "$certpath\localhostca.cer" `
    -PfxPath "$certpath\localhost.pfx" `
    -PfxCredential $pfxCred `
    -OfflineErlangInstallerPath "$path\o-erlang.exe" `
    -OfflineRabbitMqInstallerPath "$path\o-rabbitMq.exe" `
    -Verbose;

There are more switches for this Install-Connector cmdlet. For more information, run get-help install-connector when inside the RabbitMQ Helper.

Using a local, non-domain admin account for the Installation is suggested.