Troubleshooting SSL setup in RabbitMQ on Windows

Article ID: 428100


Products

VMware Tanzu Data Suite

Issue/Introduction

Unable to see the SSL ports 15671 and 5671 after following instructions to install RabbitMQ as a service.

Environment

All Supported RabbitMQ versions on Windows

Cause

When you update environment variables through the Windows UI, the change is broadcast only to new processes. A command line session that is already open can hold on to the "old" environment.

Resolution

This article assumes you have followed the installation instructions listed in the doc.

Sometimes, despite following the instructions, the SSL configuration may not take effect. This usually occurs if you have gone through several iterations of the installation process with changes to the default config file location. C:\Users\<User>\AppData\Roaming\RabbitMQ\ is the default directory on Windows where RabbitMQ stores configuration files (rabbitmq.conf, advanced.config) for the user who installed the service.

If you don't see the SSL ports configured correctly, follow these troubleshooting steps.

1. Verify the config location in the output of rabbitmq-diagnostics status


If the output shows an incorrect location, or shows no location at all even though your config file is in a non-default location, the SSL configuration defined in these files will not take effect.

For example,

Config files
 * c:/Users/XXXX/AppData/Roaming/RabbitMQ/advanced.config


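2. Verify the RabbitMQ server log output.

The TLS configuration can also be confirmed by looking at the ports listed in the startup logs. In the sample below, only the non-TLS listeners on ports 5672 and 15672 were started; the SSL ports 5671 and 15671 are missing.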

 

<0.562.0> Management plugin: HTTP (non-TLS) listener started on port 15672

 <0.496.0> Ready to start client connection listeners
 <0.614.0> started TCP listener on [::]:5672
 <0.632.0> started TCP listener on 0.0.0.0:5672
 <0.496.0> Server startup complete; 3 plugins started.
 <0.496.0>  * rabbitmq_management
 <0.496.0>  * rabbitmq_management_agent
 <0.496.0>  * rabbitmq_web_dispatch
 <0.9.0> Time to start RabbitMQ: 4643 ms

 

A workaround is shown in the example below.

Assume that rabbitmq.conf is configured as shown, with all certs included in the D:/RabbitMQ/SSL/ folder, and that you have given full permissions on these folders to the user and/or the group the user belongs to.

listeners.tcp.default=5672
listeners.ssl.default=5671
 
ssl_options.cacertfile=D:/RabbitMQ/SSL/cacert.pem
ssl_options.certfile=D:/RabbitMQ/SSL/xxcert.pem
ssl_options.keyfile=D:/RabbitMQ/SSL/xx-key.pem
ssl_options.verify=verify_peer
ssl_options.fail_if_no_peer_cert = false
 
management.tcp.port=15672
management.ssl.port=15671
 
management.ssl.cacertfile=D:/RabbitMQ/SSL/cacert.pem
management.ssl.certfile=D:/RabbitMQ/SSL/xxcert.pem
management.ssl.keyfile=D:/RabbitMQ/SSL/xx-key.pem
 

 

If all other documented steps have not helped, use an administrative command line session to set the system environment variables again, as shown below.

setx RABBITMQ_BASE "D:\RabbitMQ" /M
 
setx RABBITMQ_CONFIG_FILE "D:\RabbitMQ\rabbitmq.conf" /M


 
Next, launch a new administrative command line session, go to the sbin folder of your RabbitMQ installation, and confirm the values of these system environment variables using the commands below.

echo %RABBITMQ_BASE%
 
echo %RABBITMQ_CONFIG_FILE%

 

If the output shows the new config file locations set in the previous step, run the commands below.

rabbitmq-service.bat stop
rabbitmq-service.bat remove
rabbitmq-service.bat install
rabbitmq-service.bat start

Confirm that the correct config files are loaded by running the rabbitmq-diagnostics status command. Also confirm that the SSL ports (5671, 15671) show up in the startup logs.

Config files
 * D:/RabbitMQ/rabbitmq.conf

Using setx ... /M from an administrative CMD session writes directly to the registry, ensuring the service controller sees the new paths immediately upon the next install command.
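
The checks described above can be run together from a new elevated PowerShell session. The script below is an added example, not part of the original article or of RabbitMQ's own tooling; it assumes the variable names and ports used in this article and that the Get-NetTCPConnection cmdlet is available on the host.

```powershell
# Added example (not from the article). Run in a NEW elevated PowerShell session.
foreach ($name in 'RABBITMQ_BASE', 'RABBITMQ_CONFIG_FILE') {
    # Machine scope is read from the registry, where "setx ... /M" writes.
    $machine = [Environment]::GetEnvironmentVariable($name, 'Machine')
    # Process scope is what this session inherited when it was launched.
    $session = [Environment]::GetEnvironmentVariable($name, 'Process')
    if (-not $machine) {
        Write-Warning "$name is not set as a system variable."
    } elseif ($machine -ne $session) {
        Write-Warning "$name is stale in this session ('$session'); the registry has '$machine'."
    } else {
        Write-Output "$name = $machine"
    }
}

# Confirm that every certificate and key file named in rabbitmq.conf exists.
$conf = [Environment]::GetEnvironmentVariable('RABBITMQ_CONFIG_FILE', 'Machine')
if ($conf -and (Test-Path -LiteralPath $conf -PathType Leaf)) {
    foreach ($line in Get-Content -LiteralPath $conf) {
        if ($line -match '^\s*[\w.]+\.(cacertfile|certfile|keyfile)\s*=\s*(.+?)\s*$') {
            $path = $Matches[2]
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                Write-Warning "Not found: $path (from '$($line.Trim())')"
            }
        }
    }
} else {
    Write-Warning "Config file '$conf' does not exist or the variable is unset."
}

# After the service has been reinstalled and started, both SSL ports should listen.
foreach ($port in 5671, 15671) {
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    if ($listener) { Write-Output "Port $port is listening." }
    else { Write-Warning "Nothing is listening on port $port." }
}
```

Test-Path only confirms that a file exists; it does not confirm that the account running the RabbitMQ service has permission to read it.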