Please note: The following PHP script requires the correct installation of OpenSSL and a valid openssl.cnf file.
Please adapt the red text from the example below to your requirements.
Example:
<?php
$certificateData = [
    "countryName" => "DE",
    "stateOrProvinceName" => "Germany",
    "localityName" => "Example location",
    "organizationName" => "Example company AG",
    "organizationalUnitName" => "Example unit",
    "commonName" => "examplecompany.com",
    "emailAddress" => "john.doe@examplecompany.com",
];
// generate a new private key
$privateKey = openssl_pkey_new();
if ($privateKey === false) {
    // the script needs a working OpenSSL installation and openssl.cnf (see the note above)
    exit('Key generation failed: ' . openssl_error_string());
}
// generate a new certificate signing request (CSR)
$csr = openssl_csr_new($certificateData, $privateKey);
// self-sign the CSR with the private key (no CA certificate is passed); the certificate has a lifetime of 365 days
$certificateLifetimeInDays = 365;
$certificate = openssl_csr_sign($csr, null, $privateKey, $certificateLifetimeInDays);
// export the signed certificate and the private key in PEM format and join them
$pem = [];
openssl_x509_export($certificate, $pem[0]);
openssl_pkey_export($privateKey, $pem[1]);
$pem = implode($pem);
// store the PEM file in a secure location
$pemfile = 'C:\certs\rabbitmq\cacert.pem';
file_put_contents($pemfile, $pem);
As soon as you run the PHP script you will receive a file named cacert.pem.
The content of the file has the following structure:
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIw0BAQUFADCBrT0RldXRzY2hsYW5kELMAkGA1UEBhMCTEVREUx
FDASBgNVBAgMCMREwBAgIBADANBgkqhkiG9DwYDVQQHDAhNYW5uaGVpbMBMGA1UE
...
koP4O5d4J+Y39FUJ+TB+Uf87m7UlF+Yhuhi0hiMSEE5oSSdLzY5k7wfNc1PTB+mT
Y6lpkF9gqPxA3b+k6ELO1yKzUXvvzO88RCtiOqsR3yoKgsHlhAzeSJ7iNjELg12B
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiY6lpkF9gqPxA3b+G9w0BBQ0wQTApBI6mZsZfUkqBBQwwCAggA
XkflXrizLShOkCdiBaS4Q49eu9Mo2+7lEuKUcq5RL2HO1vxmhNDX1uSgt2/wOj7N
...
TzclsOT6xqgX3A46Pn8K2+PjhgkqhkiG9w0wHAQi9Al3+Yvjp81/i/INm+9mYe9w
m9G/p0NdZeFoq7/vk/Tl9BxhMd5X8i11ymKPGD8rjSj0tT3qgs4MnijlYvNwZNCu
-----END ENCRYPTED PRIVATE KEY-----
Splitting the PEM file (key.pem, cert.pem, cacert.pem)
Please note: To enable the SSL connection, the PEM files must be named exactly as specified in this document.
To establish an SSL connection for RabbitMQ, three PEM files are required: key.pem, cert.pem and cacert.pem. The content of these 3 files must subsequently be adapted.
Please note: The following PEM files must be stored in a safe place.
Example for key.pem: Copy the cacert.pem file you just created and rename the copy to key.pem. Then open the new file and delete everything except the private key. The file should then be structured as follows:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiY6lpkF9gqPxA3b+G9w0BBQ0wQTApBI6mZsZfUkqBBQwwCAggA
XkflXrizLShOkCdiBaS4Q49eu9Mo2+7lEuKUcq5RL2HO1vxmhNDX1uSgt2/wOj7N
...
TzclsOT6xqgX3A46Pn8K2+PjhgkqhkiG9w0wHAQi9Al3+Yvjp81/i/INm+9mYe9w
m9G/p0NdZeFoq7/vk/Tl9BxhMd5X8i11ymKPGD8rjSj0tT3qgs4MnijlYvNwZNCu
-----END ENCRYPTED PRIVATE KEY-----
Example for cert.pem: Copy the cacert.pem file you just created and rename the copy to cert.pem. Then open the new file and delete everything except the certificate. The file should then be structured as follows:
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIw0BAQUFADCBrT0RldXRzY2hsYW5kELMAkGA1UEBhMCTEVREUx
FDASBgNVBAgMCMREwBAgIBADANBgkqhkiG9DwYDVQQHDAhNYW5uaGVpbMBMGA1UE
...
koP4O5d4J+Y39FUJ+TB+Uf87m7UlF+Yhuhi0hiMSEE5oSSdLzY5k7wfNc1PTB+mT
Y6lpkF9gqPxA3b+k6ELO1yKzUXvvzO88RCtiOqsR3yoKgsHlhAzeSJ7iNjELg12B
-----END CERTIFICATE-----
Example for cacert.pem: Copy the cacert.pem file you just created and delete the private key. The file should then be structured as follows:
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIw0BAQUFADCBrT0RldXRzY2hsYW5kELMAkGA1UEBhMCTEVREUx
FDASBgNVBAgMCMREwBAgIBADANBgkqhkiG9DwYDVQQHDAhNYW5uaGVpbMBMGA1UE
...
koP4O5d4J+Y39FUJ+TB+Uf87m7UlF+Yhuhi0hiMSEE5oSSdLzY5k7wfNc1PTB+mT
Y6lpkF9gqPxA3b+k6ELO1yKzUXvvzO88RCtiOqsR3yoKgsHlhAzeSJ7iNjELg12B
-----END CERTIFICATE-----
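The manual copy-and-delete steps above can also be scripted, which avoids leaving the private key behind in cert.pem or cacert.pem by mistake. The following is an added example, not part of the original instructions; the function names splitCombinedPem and writeSplitPemFiles are hypothetical and the sample input is constructed placeholder data.

```php
<?php
// Added example (not from the original page); function names are hypothetical.
/** Returns the contents of key.pem, cert.pem and cacert.pem from the combined PEM text. */
function splitCombinedPem(string $pem): array
{
    // Match every PEM block; the back-reference \1 forces BEGIN and END labels to agree.
    preg_match_all('/-----BEGIN ([A-Z ]+)-----\r?\n.*?\r?\n-----END \1-----/s', $pem, $blocks, PREG_SET_ORDER);

    $certs = $keys = [];
    foreach ($blocks as [$block, $label]) {
        if ($label === 'CERTIFICATE') {
            $certs[] = $block;
        } elseif (substr($label, -11) === 'PRIVATE KEY') {
            $keys[] = $block; // "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY"
        }
    }
    // Refuse anything other than the one-certificate, one-key file the script above produces.
    if (count($certs) !== 1 || count($keys) !== 1) {
        throw new RuntimeException('Expected exactly one certificate and one private key.');
    }

    return [
        'key.pem'    => $keys[0] . "\n",  // private key only
        'cert.pem'   => $certs[0] . "\n", // certificate only
        'cacert.pem' => $certs[0] . "\n", // self-signed: the certificate is its own CA
    ];
}

/** Reads the combined file, then writes the three files into $targetDir. */
function writeSplitPemFiles(string $combinedFile, string $targetDir): void
{
    $pem = file_get_contents($combinedFile);
    if ($pem === false) {
        throw new RuntimeException("Cannot read $combinedFile");
    }
    foreach (splitCombinedPem($pem) as $name => $content) {
        $path = rtrim($targetDir, '/\\') . DIRECTORY_SEPARATOR . $name;
        if (file_put_contents($path, $content) === false) {
            throw new RuntimeException("Cannot write $path");
        }
    }
}

// Constructed sample input: placeholder base64, not a real certificate or key.
$sample = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
        . "-----BEGIN ENCRYPTED PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n-----END ENCRYPTED PRIVATE KEY-----\n";
foreach (splitCombinedPem($sample) as $name => $content) {
    echo $name, ': ', strtok($content, "\n"), PHP_EOL;
}
```

Calling writeSplitPemFiles with the combined cacert.pem and its own directory overwrites cacert.pem with the certificate-only version, matching the last step above.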