You can do this by adding the following lines to the RabbitMQ configuration file located in ${XRAY_HOME}/app/bin/rabbitmq/rabbitmq.conf:
    listeners.ssl.default = 5671
    listeners.tcp = none
    management.listener.ssl = true
    ssl_options.cacertfile = ${XRAY_HOME}/var/data/rabbitmq/certs/ca_certificate.pem
    ssl_options.certfile = ${XRAY_HOME}/var/data/rabbitmq/certs/server_xray_certificate.pem
    ssl_options.keyfile = ${XRAY_HOME}/var/data/rabbitmq/certs/server_xray_key.pem
    ssl_options.verify = verify_peer
    ssl_options.fail_if_no_peer_cert = true
The listeners.ssl.default line tells RabbitMQ to listen for SSL/TLS connections on port 5671, the listeners.tcp line disables non-TLS listeners, and the management.listener.ssl line secures the RabbitMQ management UI. The ssl_options.certfile and ssl_options.keyfile lines specify the paths to the server certificate and private key, respectively. The ssl_options.verify line tells RabbitMQ to verify the peer's certificate, and the ssl_options.fail_if_no_peer_cert line tells it to reject the connection if the peer does not provide a certificate. Finally, the ssl_options.cacertfile line specifies the path to the certificate authority (CA) certificate that is used to verify the peer's certificate.