Enabling SSL on a RabbitMQ cluster

Official site

https://bitnami.com/stack/rabbitmq/helm

Auto-generated certificates

 helm install ops --set persistence.storageClass=openebs-hostpath \
 --set clustering.forceBoot=true \
 --set replicaCount=3 \
 --set persistence.size=1Gi \
 --set auth.tls.enabled=true \
 --set auth.tls.autoGenerated=true \
 --set auth.tls.failIfNoPeerCert=false \
 --set auth.tls.sslOptionsVerify=verify_peer \
  bitnami/rabbitmq
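
An added example (not part of the original post or of the Bitnami chart): a shell check of what the TLS flags above amount to, assuming the chart maps auth.tls.sslOptionsVerify and auth.tls.failIfNoPeerCert onto RabbitMQ's ssl_options.verify and ssl_options.fail_if_no_peer_cert in rabbitmq.conf. With fail_if_no_peer_cert = false a client certificate is verified only when one is presented, and the plaintext AMQP listener stays enabled unless listeners.tcp = none. The function names, the placeholder certificate path and both sample configs are constructed for illustration.

```bash
# Added example, not from the original post: audit rabbitmq.conf text for the
# TLS settings discussed above. Both sample configs below are constructed.

# conf_get TEXT KEY: print the last value assigned to KEY (empty if unset).
conf_get() {
  printf '%s\n' "$1" | awk -F= -v key="$2" '
    /^[ \t]*#/ { next }                       # skip comment lines
    { k = $1; gsub(/[ \t]/, "", k)
      if (k == key) { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val) } }
    END { print val }'
}

# audit_tls TEXT: print one finding per line; return 0 only when mutual TLS is
# enforced and the plaintext AMQP listener is disabled.
audit_tls() {
  a_rc=0
  [ -n "$(conf_get "$1" listeners.ssl.default)" ] \
    || { echo NO_TLS_LISTENER; a_rc=1; }
  [ "$(conf_get "$1" ssl_options.verify)" = verify_peer ] \
    || { echo PEER_CERT_NOT_VERIFIED; a_rc=1; }
  [ "$(conf_get "$1" ssl_options.fail_if_no_peer_cert)" = true ] \
    || { echo CLIENT_CERT_OPTIONAL; a_rc=1; }
  [ "$(conf_get "$1" listeners.tcp)" = none ] \
    || { echo PLAINTEXT_LISTENER_OPEN; a_rc=1; }
  [ "$a_rc" -eq 0 ] && echo OK
  return "$a_rc"
}

# Constructed sample mirroring the flags above (verify_peer, failIfNoPeerCert=false).
PAGE_CONF='listeners.ssl.default = 5671
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
ssl_options.cacertfile = /path/to/ca_certificate.pem'

# Constructed strict variant: client certificate required, plaintext port off.
STRICT_CONF='listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.cacertfile = /path/to/ca_certificate.pem'

echo "page settings:";   audit_tls "$PAGE_CONF" || true
echo "strict settings:"; audit_tls "$STRICT_CONF"
```

To audit a running node, pass the rendered configuration file's text as the argument, for example `audit_tls "$(cat rabbitmq.conf)"`.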

Reference link

https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq/#installing-the-chart

Default configuration

More parameters

https://www.rabbitmq.com/ssl.html#automated-certificate-generation

Generating custom certificates

git clone https://github.com/rabbitmq/tls-gen tls-gen
cd tls-gen/basic
# bind the certificate to the IP address
make CN=172.18.4.94
Generate the store
# keytool -import -alias server1 -file ca_certificate.pem -keystore /opt/240rabbitstore

输入密钥库口令:   <<<--- enter the password
再次输入新口令: <<<--- enter the password
所有者: L=$$$$, CN=TLSGenSelfSignedtRootCA 2022-05-09T15:18:04.134848
发布者: L=$$$$, CN=TLSGenSelfSignedtRootCA 2022-05-09T15:18:04.134848
序列号: c9cb7bcfd72e4a59
生效时间: Mon May 09 15:18:04 CST 2022, 失效时间: Thu May 06 15:18:04 CST 2032
证书指纹:
	 SHA1: 7A:6D:9A:05:94:8B:86:1B:53:4F:0F:0B:32:24:9B:16:1A:1B:FC:7E
	 SHA256: A8:50:9E:B2:72:19:C0:E3:E3:37:6F:BE:59:34:56:E2:93:B9:A0:40:C2:F2:31:2A:FA:59:CB:98:E7:35:25:0E
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048RSA 密钥
版本: 3

扩展: 

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: ED F2 D0 36 96 CF 31 91   0C 05 DF 5A 42 CD 22 24  ...6..1....ZB."$
0010: 37 9D B8 75                                        7..u
]
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: ED F2 D0 36 96 CF 31 91   0C 05 DF 5A 42 CD 22 24  ...6..1....ZB."$
0010: 37 9D B8 75                                        7..u
]
]

是否信任此证书? []:<<<<<------ the answer can be typed in Chinese
证书已添加到密钥库中

-----------------------

Add the certificates here (shown in a screenshot in the original post), as follows:

 helm install -n iottepa mq rabbitmq/ -f rabbitmq/values.yaml \
 --set clustering.forceBoot=true \
 --set replicaCount=3 \
 --set auth.tls.enabled=true \
 --set auth.tls.autoGenerated=true \
 --set auth.tls.failIfNoPeerCert=false
