Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication. … The bad news is that the configuration process and SSL itself can be a little confusing for first-time users.

All communication between Sensu services happens via the Sensu transport. As such, to secure a Sensu installation means to secure communication between all of the Sensu services and the Sensu transport via SSL encryption. Sensu can operate without the use of SSL encryption, however, this practice is heavily discouraged.

SSL-secured Transports

Although the Sensu transport library makes it possible for Sensu to leverage transport alternatives to RabbitMQ (e.g. Redis), not all transports offer SSL support (e.g. Redis does not support SSL). For this reason, this reference document will focus on SSL security for Sensu with the RabbitMQ transport.

Configuring Sensu + RabbitMQ for SSL encryption

Generate self-signed OpenSSL certificates and CA

The following instructions will generate an OpenSSL certificate authority and self-signed certificates. Alternatively, please refer to the official RabbitMQ SSL documentation for a detailed guide on configuring RabbitMQ with SSL.