Verify that the RabbitMQ cluster uses certificates

Verify that the RabbitMQ cluster uses certificatesΒΆ

This section describes how to determine whether your RabbitMQ cluster uses certificates and identify their location on the system.

To verify that the RabbitMQ cluster uses certificates:

  1. Log in to the Salt Master node.

  2. Run the following command:

    salt -C 'I@rabbitmq:server' cmd.run "rabbitmqctl environment | \
    grep -E '/ssl/|ssl_listener|protocol_version'"
    

    Example of system response:

    msg02.multinode-ha.int:
              {ssl_listeners,[{"0.0.0.0",5671}]},
                  [{cacertfile,"/etc/rabbitmq/ssl/ca.pem"},
                   {certfile,"/etc/rabbitmq/ssl/cert.pem"},
                   {keyfile,"/etc/rabbitmq/ssl/key.pem"},
         {ssl,[{protocol_version,['tlsv1.2','tlsv1.1',tlsv1]}]},
    msg01.multinode-ha.int:
              {ssl_listeners,[{"0.0.0.0",5671}]},
                  [{cacertfile,"/etc/rabbitmq/ssl/ca.pem"},
                   {certfile,"/etc/rabbitmq/ssl/cert.pem"},
                   {keyfile,"/etc/rabbitmq/ssl/key.pem"},
         {ssl,[{protocol_version,['tlsv1.2','tlsv1.1',tlsv1]}]},
    msg03.multinode-ha.int:
              {ssl_listeners,[{"0.0.0.0",5671}]},
                  [{cacertfile,"/etc/rabbitmq/ssl/ca.pem"},
                   {certfile,"/etc/rabbitmq/ssl/cert.pem"},
                   {keyfile,"/etc/rabbitmq/ssl/key.pem"},
         {ssl,[{protocol_version,['tlsv1.2','tlsv1.1',tlsv1]}]},
    
  3. Proceed to renewal or replacement of your certificates as required.