All Murano components communicate with each other by RabbitMQ. This interaction can be encrypted with SSL. By default all messages in Rabbit MQ are not encrypted. Each RabbitMQ Exchange should be configured separately.

Murano API -> Rabbit MQ exchange

Edit rabbitmq section in /etc/murano/murano-api.conf and set ssl option to True to enable SSL. Specify the path to the SSL CA certificate in regular format: /path/to/file without quotes or leave it empty to allow self-signed certificates.

					
	[rabbitmq]

# Use SSL for RabbitMQ connections (True or False)
ssl = True

# Path to SSL CA certificate or empty to allow self signed server certificate
ca_certs =
					
			

Rabbit MQ -> Murano Conductor exchange

Open /etc/murano/conductor.conf and configure rabbitmq section in the same way: enable ssl option to True and set CA certificate path or leave it empty to allow self-signed certificates.

				
	[rabbitmq]

# Use SSL for RabbitMQ connections (True or False)
ssl = True

# Path to SSL CA certificate or empty to allow self signed server certificate
ca_certs = /home/user/certificates/example.crt
				
			

Murano Agent -> Rabbit MQ exchange

By default all Murano Conductor configuration settings apply to Murano Agent. If you want to configure Murano Agent in a different way change the default template. It can be found here:/etc/murano/data/templates/agent-config/Default.template. Take a look at appSettings section:

					
	<appSettings>
		<add key="rabbitmq.host" value="%RABBITMQ_HOST%"/>
		<add key="rabbitmq.port" value="%RABBITMQ_PORT%"/>
		<add key="rabbitmq.user" value="%RABBITMQ_USER%"/>
		<add key="rabbitmq.password"
			 value="%RABBITMQ_PASSWORD%"/>
		<add key="rabbitmq.vhost" value="%RABBITMQ_VHOST%"/>
		<add key="rabbitmq.inputQueue"
			 value="%RABBITMQ_INPUT_QUEUE%"/>
		<add key="rabbitmq.resultExchange" value=""/>
		<add key="rabbitmq.resultRoutingKey"
			 value="%RESULT_QUEUE%"/>
		<add key="rabbitmq.durableMessages" value="true"/>

		<add key="rabbitmq.ssl" value="%RABBITMQ_SSL%"/>
		<add key="rabbitmq.allowInvalidCA" value="true"/>
		<add key="rabbitmq.sslServerName" value=""/>
	</appSettings>
					
			

Desired parameter should be set directly to the value of the key that you want to change. Quotes are need to be kept. Thus you can change "rabbitmq.ssl" and "rabbitmq.port" values to make Rabbit MQ work with this exchange in a different from Murano-Conductor way.