This section describes how to determine whether your RabbitMQ cluster uses certificates and identify their location on the system.
To verify that the RabbitMQ cluster uses certificates:
Log in to the Salt Master node.
Run the following command:
salt -C 'I@rabbitmq:server' cmd.run "rabbitmqctl environment | \
grep -E '/ssl/|ssl_listener|protocol_version'"
Example of system response:
msg02.multinode-ha.int:
{ssl_listeners,[{"0.0.0.0",5671}]},
[{cacertfile,"/etc/rabbitmq/ssl/ca.pem"},
{certfile,"/etc/rabbitmq/ssl/cert.pem"},
{keyfile,"/etc/rabbitmq/ssl/key.pem"},
{ssl,[{protocol_version,['tlsv1.2','tlsv1.1',tlsv1]}]},
msg01.multinode-ha.int:
{ssl_listeners,[{"0.0.0.0",5671}]},
[{cacertfile,"/etc/rabbitmq/ssl/ca.pem"},
{certfile,"/etc/rabbitmq/ssl/cert.pem"},
{keyfile,"/etc/rabbitmq/ssl/key.pem"},
{ssl,[{protocol_version,['tlsv1.2','tlsv1.1',tlsv1]}]},
msg03.multinode-ha.int:
{ssl_listeners,[{"0.0.0.0",5671}]},
[{cacertfile,"/etc/rabbitmq/ssl/ca.pem"},
{certfile,"/etc/rabbitmq/ssl/cert.pem"},
{keyfile,"/etc/rabbitmq/ssl/key.pem"},
{ssl,[{protocol_version,['tlsv1.2','tlsv1.1',tlsv1]}]},
Proceed to renewal or replacement of your certificates as required.