Updated on 2025-07-28 GMT+08:00

Accessing RocketMQ on a Client (With SSL)

This document describes how to access a RocketMQ instance with SSL enabled on the Linux CLI. When SSL is enabled, data is transmitted in ciphertext between a client and a RocketMQ instance with high security.

Video Tutorial

This video shows how to access a RocketMQ instance.

Prerequisites

  • A RocketMQ instance with SSL or PERMISSIVE for encryption has been purchased.
  • The network between the client and the RocketMQ instance has been established. For details about network requirements, see RocketMQ Network Connection Conditions.
  • Security group rules have been properly configured.

    To access a RocketMQ instance on a client, configure proper security group rules in the instance. Otherwise, the connection fails. For details, see Table 2 or Table 3.

  • A RocketMQ instance has been created and its connection address has been obtained.
    The connection address can be obtained from Overview > Connection on the RocketMQ console.
    • If the client uses TCP, obtain Instance Address (Private Network) IPv4 or Instance Address (Public Network) IPv4.
    • If the client uses gPRC, obtain gRPC Connection Address IPv4 or gRPC Connection Address (Public Network) IPv4.

      Only RocketMQ 5.x instances involve gRPC.

  • A topic has been created. The topic name has been obtained and publish and subscribe permissions are granted.
  • Java Development Kit 1.8.111 or later has been installed on the client server, and related environment variables have been configured. For details, see Installing JDK and Configuring Environment Variables.
  • The client server must be able to access the Internet to download the sample software package.

Accessing the Instance with CLI

  1. Log in to the client server using SSH.
  2. Download the rocketmq-tutorial software package.

    wget https://dms-demos.obs.cn-north-1.myhuaweicloud.com/rocketmq-tutorial.zip

  3. Decompress the rocketmq-tutorial package.

    unzip rocketmq-tutorial.zip

  4. (Optional) If ACL is enabled for the RocketMQ instance, authentication is required when you run the mqadmin command.

    Switch to the directory where the decompressed software package is stored and add the following content to the conf/tools.yml file:
    accessKey:*******
    secretKey:*******

    accessKey and secretKey are the username and secret key set on the Instance > Users page of the console. For details, see Creating a User.

  5. Go to the rocketmq-tutorial/bin directory.

    cd rocketmq-tutorial/bin

  6. Produce normal messages using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "${Connection address}" -t ${Topic name} -p "Message content"
    Table 1 Message production parameters

    Parameter

    Description

    Example Value

    Connection address

    Connection address of the RocketMQ instance.

    Obtained in Prerequisites.

    11.xxx.xxx.89:8200;11.xxx.xxx.144:8200 (public network as an example, private port is 8100)

    Topic name

    The name of the topic created for the RocketMQ instance.

    Obtained in Prerequisites.

    topic-test

    Message content

    The message content is custom.

    The maximum message size supported by RocketMQ is 4 MB. This limit cannot be modified.

    hello rocketmq

    Run the following command with the values obtained in Table 1 to produce a normal message:

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "11.xxx.xxx.89:8200;11.xxx.xxx.144:8200" -t topic-test -p "hello rocketmq"

    The message is produced when the information in the red box shown in the following figure is displayed.

  7. Consume normal messages using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "${Connection addresses}" -t ${Topic name}

    Run the following command with the values obtained in Table 1 to consume normal messages:

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "11.xxx.xxx.89:8200;11.xxx.xxx.144:8200" -t topic-test

    The message is consumed when the information in the red box shown in the following figure is displayed.

    To stop consuming messages, press Ctrl+C to exit.

  8. Create messages with traces using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "${Connection addresses}" -t ${Topic name} -p "Message content" -m true

    Run the following command with the values obtained in Table 1 to produce messages with traces:

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "11.xxx.xxx.89:8200;11.xxx.xxx.144:8200" -t topic-test -p "hello rocketmq" -m true

    The message is produced when the information in the red box shown in the following figure is displayed.

  9. Retrieve messages and send the message traces using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "${Connection addresses}" -t ${Topic name} -m true

    Run the following command with the values obtained in Table 1 to consume messages with traces:

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "11.xxx.xxx.89:8200;11.xxx.xxx.144:8200" -t topic-test -m true

    The message is consumed when the information in the red box shown in the following figure is displayed.

    To stop consuming messages, press Ctrl+C to exit.

Related Document