Installing RabbitMQ Online with TLS (Advanced) PowerShell

General TLS requirements

The certificate used has to match the hostname used by RabbitMQ. Wildcard certificates are supported.
The certificate has to be an RSA with 2048 bit encryption or higher for the RabbitMQ Helper to be able to convert it.
- CNG and/or ECC certificates can be manually converted with OpenSSL, see Convert a CNG or ECC certificate to PEM File
The certificate chain has to be trusted by both the RabbitMq node and anything connecting to the RabbitMQ host.
- If using self-signed certificates, ensure that the certificates are properly installed in the certificate store.

To conduct an online with TLS installation, run the commands provided below.

Copy

$path = "C:\Program Files\Delinea Software Ltd\RabbitMq Helper\net6.0"
$username = "<SITE CONNECTOR USERNAME FROM SECRET SERVER>" 
$password = "<SITE CONNECTOR PASSWORD FROM SECRET SERVER>"

Copy

# Create a PSCredential object to use for the installation  
$cred = New-Object System.Management.Automation.PSCredential ($username, (ConvertTo-SecureString -String $password -AsPlainText -Force))

Copy

# Insert RabbitMQ Admin User Credentials
$adminUsername = "<User-defined RabbitMQ admin Username>" 
$adminPassword = "<User-defined RabbitMQ admin Password>"

Copy

# Create a PSCredential object to use for the installation
$adminCredential = New-Object System.Management.Automation.PSCredential ($adminUsername, (ConvertTo-SecureString -String $adminPassword -AsPlainText -Force))

Copy

# FQDN which will be used by clients connecting to this RabbitMq host
$fqdn = "localhost"; 
$certpath = $path; 
$pfxCred = Get-Credential -UserName PfxUserName -Message "Enter the PFX password. Username is ignored";
#(the password for the example localhost.pfx certificate is "password1")
#$password = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
#$pfxCred = New-Object System.Management.Automation.PSCredential ("Ignored", $password)

Copy

Install-Connector `
-Hostname $fqdn `
-Credential $cred `
-AdminCredential $adminCredential `
-UseTls `
-CaCertPath "$certpath\localhostca.cer" `
-PfxPath "$certpath\localhost.pfx" `
-PfxCredential $pfxCred `
-Verbose;

There are more switches for this commandlet. For more information, run "get-help install-connector" when inside the helper.

Using a local, non-domain admin account for the installation is required.