Shovel over SSL Configuration

[marcelloraffaele]

Hi Team,
I am going to configure a Shovel to replicate messages from a RabbitMQ cluster (A) to another(B), both clusters can use only SSL (amqps).
I am not interested in mTLS, I would like a basic SSL configuration.
Do you have any information on how to setup the src uri and dest uri in order to specify the certs?
Should I specify only dest cacert or cert and key? On dest uri should I specify the client cert or dest ca cert?
Is there some example I can inspire on?

Thank you,
R

[ChunyiLyu]

The cert file and key file are needed for mTLS. You don't need to configure them in this case.

uri specification can be found here: https://www.rabbitmq.com/uri-query-parameters.html#basics

The configuration depends on your own set up. Shovel acts as a client APP for both the source and destination RabbitMQ. Depends on how you've signed your server certs and where you are configuring shovel, you might not need to specify path to the ca cert file.

For example, if you are 1) not using mTLS 2) both your dest&src RabbitMQ are set up to trust the same CA 3) you are configuring shovel in either the source or the destination RabbitMQ, you don't need to configure the ca cert in your URI because it should already be trusted. On the other hand, you are configuring Shovel in a third RabbitMQ cluster, not source or destination, and that third RabbitMQ does not trust the source and destination RabbitMQ's CAs, you will need to provide path to CA certs in both the destination and source URI.

[marcelloraffaele]

Thank you