Enable TLS in RabbitMQ

The services in OpenIAM communicate with each other using RabbitMQ. This is also how remote connectors, such as the AD and Azure PowerShell connectors, communicate with the OpenIAM system. To improve security, we can enable TLS communication in RabbitMQ.

The sections below describe the changes in the RabbitMQ and OpenIAM configuration.

RabbitMQ Configuration

Use the steps described at this URL to:

  • Enable TLS communication in RabbitMQ
  • Create a keystore file called rabbitmq.jks that contains the appropriate certificates

OpenIAM Configuration

  • Update the ${OPENIAM_CONF_PATH}/conf/properties/rabbitmq.properties to include the new RabbitMQ SSL port.
    • Set spring.rabbitmq.port to the RabbitMQ SSL port.
  • Copy the rabbitmq.jks keystore to ${OPENIAM_CONF_PATH}/rabbitmq/client/rabbitmq.jks
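
A post-change check for the two OpenIAM steps above, as an added example (not OpenIAM's own tooling). The function names are hypothetical, and the port numbers are assumptions: 5672 as RabbitMQ's default plaintext port and 5671 as the conventional AMQPS port.

```shell
#!/bin/sh
# Added example: checks the OpenIAM side of the RabbitMQ TLS change.
# Assumptions: 5672 is RabbitMQ's default plaintext AMQP port and 5671 the
# conventional AMQPS port; pass your own TLS port as the second argument.

# Print the last uncommented value of key $2 in Java properties file $1.
prop_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key}[[:space:]]*[=:][[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_openiam_rabbitmq_tls CONF_PATH [TLS_PORT]; returns 0 only if all checks pass.
check_openiam_rabbitmq_tls() {
    conf=$1; tls_port=${2:-5671}; rc=0
    props="$conf/conf/properties/rabbitmq.properties"
    jks="$conf/rabbitmq/client/rabbitmq.jks"

    if [ ! -f "$props" ]; then
        echo "FAIL: $props not found"; return 1
    fi
    port=$(prop_value "$props" spring.rabbitmq.port)
    case $port in
        "")          echo "FAIL: spring.rabbitmq.port is not set"; rc=1 ;;
        5672)        echo "FAIL: spring.rabbitmq.port=5672 is the plaintext AMQP port"; rc=1 ;;
        "$tls_port") echo "OK: spring.rabbitmq.port=$port" ;;
        *)           echo "FAIL: spring.rabbitmq.port=$port, expected $tls_port"; rc=1 ;;
    esac

    if [ ! -s "$jks" ]; then
        echo "FAIL: keystore missing or empty: $jks"; rc=1
    elif [ -n "$(find "$jks" -perm -004)" ]; then
        echo "WARN: keystore is world-readable: $jks"
    else
        echo "OK: keystore in place: $jks"
    fi
    return $rc
}

# Constructed demo tree (not a real deployment): port left on the plaintext default.
demo=$(mktemp -d)
mkdir -p "$demo/conf/properties" "$demo/rabbitmq/client"
printf 'spring.rabbitmq.port=5672\n' > "$demo/conf/properties/rabbitmq.properties"
check_openiam_rabbitmq_tls "$demo" || echo "demo tree is not TLS-ready"
rm -rf "$demo"
```

On a real node, call check_openiam_rabbitmq_tls "$OPENIAM_CONF_PATH" and pass the TLS port your broker listens on as the second argument.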