# enable plugins and restart
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins enable rabbitmq_mqtt
rabbitmq-plugins enable rabbitmq_web_stomp
rabbitmq-plugins enable rabbitmq_shovel
rabbitmq-plugins enable rabbitmq_management_visualiser 
rabbitmq-plugins enable rabbitmq_recent_history_exchange 
rabbitmq-plugins enable rabbitmq_top 
rabbitmq-plugins enable rabbitmq_tracing

# install and enable mqtt over websockets
cd /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.5/plugins
wget http://www.rabbitmq.com/community-plugins/v3.6.x/rabbitmq_web_mqtt-3.6.x-3b6a09bb.ez
 rabbitmq-plugins enable rabbitmq_web_mqtt

/etc/init.d/rabbitmq-server restart

#change default passwrd
rabbitmqctl change_password guest s0m3p4ssw0rd

#configure new user
rabbitmqctl add_user newadmin s0m3p4ssw0rd
rabbitmqctl set_user_tags newadmin administrator
rabbitmqctl set_permissions -p / newadmin ".*" ".*" ".*"

Generate SSL/TLS chain



Edit /etc/rabbitmq/rabbitmq.config

[
 {rabbit,
   {ssl_listeners, [5671]},
    {ssl_options, [
     {cacertfile,           "/opt/rabbitmq-ssl/testca/cacert.pem"},
     {certfile,             "/opt/rabbitmq-ssl/server/cert.pem"},
     {keyfile,              "/opt/rabbitmq-ssl/server/key.pem"},
     {verify,               verify_peer},
     {fail_if_no_peer_cert, false}]}
  ]},
 {rabbitmq_mqtt,
    {default_user, <<"guest">>},
    {default_pass, <<"guest">>},
    {allow_anonymous, true},
    {tcp_listeners, [1883]},
    {ssl_listeners, [8883]}
  ]},
].

Restart server

/etc/init.d/rabbitmq-server restart

#Test TLS
openssl s_client -connect 127.0.0.1:5671 -tls1

# Test MQTT
mosquitto_sub -h localhost -v -t '#'
mosquitto_pub -h localhost -t 'test' -m 'msg'

# Test MQTT with TLS
mosquitto_sub -h localhost -p 8883 -v -t '#' \
 --key /opt/rabbitmq-ssl/client/key.pem \
 --cert /opt/rabbitmq-ssl/client/cert.pem \
 --cafile /opt/rabbitmq-ssl/testca/cacert.pem
mosquitto_pub -h localhost -p 8883 -t 'test' -m 'msg' \
 --key /opt/rabbitmq-ssl/client/key.pem \
 --cert /opt/rabbitmq-ssl/client/cert.pem \
 --cafile /opt/rabbitmq-ssl/testca/cacert.pem