Installing RabbitMQ Offline with TLS (Advanced)

Downloading the RabbitMQ and and installers

Before you begin, make sure that you download the RabbitMQ and Erlang installers.

Starting from version 10.2.0.0 the -UseDelineaMirror switch is now –UseNonMirror. This change happened because commands are using Delinea download mirror links as the default.

To get the download locations for the installers, run the following command:

Get-DownloadLocations;

To get the official CND mirror download location, run the following command:

Get-DownloadLocations -UseNonMirror;

Copy the offline folder to the target system which does not have internet and proceed with the desired installation.

General TLS requirements

  • The certificate used has to match the hostname used by RabbitMq. Wildcard certificates are supported.
  • The certificate has to be an RSA with 2048 bit encryption or higher for the RabbitMq Helper to be able to convert it.

  • The certificate chain has to be trusted by both the RabbitMq node and anything connecting to the RabbitMq host.

    • If using self-signed certificated, ensure that the certificates are properly installed in the certificate store.
Copy
$path = "C:\Program Files\Delinea Software Ltd\RabbitMq Helper\net6.0"

$cred = Get-Credential -Message "Enter the site connector credentials from Secret Server";
#if you don't want to be prompted you can hardcode your credential in the scriptf #$password = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
#$cred = New-Object System.Management.Automation.PSCredential ("CustomUserName", $password)

# FQDN which will be used by clients connecting to this RabbitMq host. *It has to match the subject name in the PFX*
$fqdn = "fullyqualifieddomainname.in.the.pfx";

$certpath = $path;

$pfxCred = Get-Credential -UserName PfxUserName -Message "Enter the PFX password. Username is ignored";
#(the password for the example localhost.pfx certificate is "password1")
#if you don't want to be prompted you can hardcode your credential in the script
#$password = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
#$pfxCred = New-Object System.Management.Automation.PSCredential ("Ignored", $password)

Install-Connector `
    -Hostname $fqdn `
    -Credential $cred `
    -UseTls `
    -CaCertPath "$certpath\localhostca.cer" `
    -PfxPath "$certpath\localhost.pfx" `
    -PfxCredential $pfxCred `
    -OfflineErlangInstallerPath "$path\o-erlang.exe" `
    -OfflineRabbitMqInstallerPath "$path\o-rabbitMq.exe" `
    -Verbose

There are more switches for this Install-Connector cmdlet; for more information, run get-help install-connector when inside the RabbitMQ Helper.