Changing Certificates for RabbitMQ
To replace the RabbitMQ certificates with your own trusted certificates, provide the following certificate files and keys:
- The file containing the public key of the root Certificate Authorities that you wish to implicitly trust, named: ca.cer
- The file containing the client's own certificate public key, named: rabbitmq.cer
- The file containing the client's private key in PEM format, named: key.pem
These files can be extracted from a PKCS#12 (.pfx) file using OpenSSL. Examples of the commands are as follows:
    openssl pkcs12 -in famcert.pfx -nokeys -out rabbitmq.cer
    openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
To configure the RabbitMQ certificate files:
- Replace the files located under “%SAILPOINT_HOME%\RabbitMQ\certificates” with the certificates and key mentioned above.
- Open the file %SAILPOINT_HOME%\RabbitMQ\data\rabbitmq.config with a text editor, and replace the current file paths with the paths of your own trusted certificates and key. Then save the file.
- Delete the SailPoint RabbitMQ certificate from the computer certificate store. The certificate name is “File Access Manager RabbitMQ”.
- Restart the RabbitMQ service, the Central Permission Collection Engine(s) and Collector(s) services, and the Central Data Collection Engine(s) and Collector(s) services.
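A pre-flight check worth running on the three files before they replace the existing ones, so that a mismatched key or an untrusted certificate is caught before the services are restarted. This is an added example, not part of the product documentation; it assumes openssl.exe is on PATH, and the staging folder path is hypothetical.

```powershell
# Added example, not vendor code. Assumes openssl.exe is on PATH.
# $Staging is a hypothetical folder holding the new ca.cer, rabbitmq.cer, key.pem.
param([string]$Staging = 'C:\Temp\rabbitmq-certs')

$ca   = Join-Path $Staging 'ca.cer'
$cert = Join-Path $Staging 'rabbitmq.cer'
$key  = Join-Path $Staging 'key.pem'
foreach ($f in $ca, $cert, $key) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing file: $f" }
}

# 1. key.pem must be the private key of rabbitmq.cer: compare the public keys.
#    The empty -passin value makes openssl fail instead of prompting
#    if the key turns out to be encrypted.
$pubFromCert = (& openssl x509 -in $cert -noout -pubkey) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "Cannot read a certificate from $cert" }
$pubFromKey = (& openssl pkey -in $key -pubout -passin 'pass:') -join "`n"
if ($LASTEXITCODE -ne 0) { throw "Cannot read an unencrypted private key from $key" }
if ($pubFromCert -ne $pubFromKey) { throw 'key.pem does not match rabbitmq.cer' }

# 2. rabbitmq.cer must chain to a root in ca.cer.
#    openssl checks the first certificate found in rabbitmq.cer.
& openssl verify -CAfile $ca $cert
if ($LASTEXITCODE -ne 0) { throw 'rabbitmq.cer does not verify against ca.cer' }

# 3. The certificate must not already be expired.
& openssl x509 -in $cert -noout -checkend 0
if ($LASTEXITCODE -ne 0) { throw 'rabbitmq.cer has expired' }
& openssl x509 -in $cert -noout -subject -enddate

'All checks passed: the files can be copied into the RabbitMQ certificates folder.'
```

The -nodes option in the extraction command writes key.pem without encryption, so restrict the NTFS permissions on that file to the account that runs the RabbitMQ service and to administrators.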