logstash-plugins / logstash-integration-rabbitmq

Logstash Integration Plugin for RabbitMQ, including Logstash Input and Output Plugins
Apache License 2.0

Add more information about ssl_certificate_path for RabbitMQ output #31

Open n0othing opened 4 years ago

n0othing commented 4 years ago

(Somewhat related to https://github.com/logstash-plugins/logstash-output-rabbitmq/issues/39)

The output plugin only supports passing in a .p12 for both trusts + any client cert/key pair. It'd be helpful to expand the docs by:

Bullet two might seem a bit too out of scope, but I've encountered problems across different versions of Logstash. For example, the following worked great back with Logstash 5.4.0:

openssl pkcs12 -export -in chain.pem -inkey logstash.key -out openssl-only.p12

(where chain.pem is a concatenated file containing Logstash's public cert + the signing authority of RabbitMQ's cert).

But using the same method with Logstash 7.6.1 results in the following error:

RabbitMQ connection error, will retry. {:error_message=>"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>"Java::JavaxNetSsl::SSLHandshakeException"}

In order to build a working .p12 on Logstash 7.6.1 (using existing PEM encoded certs/keys), I had to use both openssl + Java's keytool:

openssl pkcs12 -export -out logstash.p12 -inkey logstash.key -in logstash.crt

keytool -import -file ca.crt -alias ca_cert -keystore logstash.p12

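Added example (not part of the issue or the plugin's code): the two-step build described above leaves the CA in the store as a trustedCertEntry next to the client key's PrivateKeyEntry. The script below runs the same two commands non-interactively and checks `keytool -list` output for both entry types. The file names, the P12_PASS variable and the two sample listings are constructed assumptions.

```bash
#!/bin/sh
# Added example, not from the issue or the plugin. File names, the P12_PASS
# environment variable and both sample listings are constructed assumptions.

# Run the two commands from the comment non-interactively. The store password
# is read from $P12_PASS so it never appears on a command line.
build_p12() {  # usage: build_p12 logstash.key logstash.crt ca.crt logstash.p12
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$4" -passout env:P12_PASS &&
  keytool -importcert -noprompt -file "$3" -alias ca_cert \
          -keystore "$4" -storetype PKCS12 -storepass:env P12_PASS
}

# Read `keytool -list` output on stdin. Succeeds only when the store holds a
# client key pair AND at least one certificate stored as a trusted entry.
# Real use: keytool -list -keystore logstash.p12 -storetype PKCS12 \
#             -storepass:env P12_PASS | check_listing
check_listing() {
  listing=$(cat)
  keys=$(printf '%s\n' "$listing" | grep -c 'PrivateKeyEntry' || true)
  trusted=$(printf '%s\n' "$listing" | grep -c 'trustedCertEntry' || true)
  echo "PrivateKeyEntry=$keys trustedCertEntry=$trusted"
  [ "$keys" -ge 1 ] && [ "$trusted" -ge 1 ]
}

# Constructed listing: a store holding only a key pair.
SAMPLE_KEY_ONLY='Keystore type: PKCS12
Your keystore contains 1 entry

1, Mar 20, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>'

# Constructed listing: the same store after the CA import.
SAMPLE_WITH_CA='Keystore type: PKCS12
Your keystore contains 2 entries

1, Mar 20, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
ca_cert, Mar 20, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>'

printf '%s\n' "$SAMPLE_KEY_ONLY" | check_listing || echo "no trusted CA entry in store"
printf '%s\n' "$SAMPLE_WITH_CA" | check_listing && echo "store has key pair and trusted CA"
```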
rlevytskyi commented 1 year ago

I spent so much time playing with RabbitMQ, Logstash, Java, SSL and all this stuff before I stumbled across this post and made it work. There are no words strong enough to express my endless gratitude to you, Robbie.

Best, Roman Levitsky, Systems Administrator, Exadel.