Enable TLS in RabbitMQ
The services in OpenIAM communicate with each other using RabbitMQ. Remote connectors, such as the AD and Azure PowerShell connectors, also use it to communicate with the OpenIAM system. To improve security, we can enable TLS communication in RabbitMQ.
The sections below describe the changes to the RabbitMQ and OpenIAM configuration.
RabbitMQ Configuration
Use the steps described at this URL to:
- Enable TLS communication in RabbitMQ
- Create a keystore file called: rabbitmq.jks that contains the appropriate certificates
OpenIAM Configuration
- Update the ${OPENIAM_CONF_PATH}/conf/properties/rabbitmq.properties file to include the new RabbitMQ SSL port.
  - Set spring.rabbitmq.port to the RabbitMQ SSL Port.
  - Set
- Copy the jks file. The rabbitmq key must be placed in ${OPENIAM_CONF_PATH}/rabbitmq/client/rabbitmq.jks
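The check below is an added example, not part of the OpenIAM documentation or tooling: it verifies offline that the two changes above are in place. The port 5671 in the usage comment is a sample value, and the file-permission test on the keystore is an extra check that the steps above do not ask for.

```bash
#!/bin/sh
# Added example, not OpenIAM's own tooling.
# Usage: check_openiam_rabbitmq_tls CONF_PATH TLS_PORT
# Prints one line per finding; exit status 0 only when every check passes.
check_openiam_rabbitmq_tls() (   # subshell body keeps the variables local
    conf_path=$1
    tls_port=$2
    rc=0
    props="$conf_path/conf/properties/rabbitmq.properties"
    jks="$conf_path/rabbitmq/client/rabbitmq.jks"

    if [ ! -r "$props" ]; then
        echo "FAIL: cannot read $props"; rc=1
    else
        # Skip commented lines; the last assignment wins, as in Java properties.
        port=$(sed -n 's/^[[:space:]]*spring\.rabbitmq\.port[[:space:]]*[=:][[:space:]]*//p' \
                   "$props" | tail -n 1 | tr -d '[:space:]')
        if [ "$port" = "$tls_port" ]; then
            echo "OK: spring.rabbitmq.port=$port"
        else
            echo "FAIL: spring.rabbitmq.port is '${port:-unset}', expected $tls_port"; rc=1
        fi
    fi

    if [ ! -s "$jks" ]; then
        echo "FAIL: keystore missing or empty: $jks"; rc=1
    else
        # GNU stat first, BSD/macOS stat as fallback; both print the octal mode.
        mode=$(stat -c '%a' "$jks" 2>/dev/null || stat -f '%Lp' "$jks")
        case "$mode" in
            *0) echo "OK: keystore present, mode $mode" ;;
            *)  echo "FAIL: keystore mode $mode grants access to other users"; rc=1 ;;
        esac
    fi
    exit "$rc"
)

# Run directly as: sh check.sh "$OPENIAM_CONF_PATH" 5671   (5671 is a sample port)
if [ "$#" -eq 2 ]; then
    check_openiam_rabbitmq_tls "$1" "$2"
fi
```

A passing run only confirms the files on the OpenIAM side; whether the broker actually negotiates TLS on that port still has to be confirmed against the running RabbitMQ instance.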