If you choose to integrate third-party certificates into RabbitMQ, you must make a certificate signing request (CSR).
To request a certificate signing request (CSR) file:
Open Windows Console:
- In the Windows search box, type Run.
In the Run dialog box, type
The Console window opens.
- Open the Add/Remove Snap-in task by selecting .
Add certificates from the Available snap-ins list to the
Selected snap-ins list:
- Select the required certificates.
- Click Add.
- In the Certificates snap-in dialog box, select Computer account and click Next.
Select Local computer and click
You are directed back to the Add or Remove Snap-ins window.
Certificates (Local Computer) is added under Console Root in the Console window.
To enroll the certificates:
- In the Console window, expand the newly added Certificates entry.
- Navigate to .
Right-click the Certificates folder and select .
The Certificate Enrollment window opens.
- Click Next.
- Select Proceed without enrollment policy and click Next.
Select the following parameters and then click Next:
The Certificate Enrollment dialog box shows the certificate information.
- From the Template list, select (No template) Legacy key.
- Select PKCS#10 for Request format.
Expand the Details and then click
In the Certificate properties dialog box, click the
Subject tab and enter the following details:
IMPORTANT: The common name you enter must match the fully qualified domain name of the server. For example, if the hostname of your server is Server1 and your domain is MyCompany.com, then the fully qualified domain name of your server would be Server1.MyCompany.com.
- From the Type list, select Common name.
- In the Value field, enter <YourServerName>.<YourCompanyDomain.com>.
Click the Extensions tab and perform the following actions:
Expand Key usage and add the following options to the
Selected options list:
- Digital Signature
- Key agreement
Expand Extend key usage (application policies) and add the
following to the Selected options list:
- Server Authentication
- Client Authentication
- Expand Key usage and add the following options to the Selected options list:
Click the Private Key tab and set the following
- Expand Key type and select Exchange.
- Expand Key options, set Key size to 2048, and select Make private key exportable.
Expand Cryptographic Service Provider and select
Microsoft RSA SChannel Cryptographic Provider
This is the last option on the list.
- Click Apply and then click OK.
In the Certificate Enrollment dialog box, click
Next, and save your certificate request:
- Select a name and destination for your file.
- Choose Base 64 for the File format.
Your request file is saved in the .csr format.
After you finish
- Send your request file to your IT department or external certificate authority for processing.
- After the certificate has been generated, you can import it and apply it to your server.