Rabbitmq 3.7.17 TLS Connection

26 views
Skip to first unread message

Mehmet Onur Karakaş

unread,
Jan 8, 2026, 2:11:57 AM (13 days ago) Jan 8
to rabbitmq-users

Subject: RabbitMQ 3.7.x TLS issues on Windows – service crash when SSL certificates are configured

Hello,

I am running RabbitMQ 3.7.17 with Erlang 22.0.7 on Windows 10 and trying to enable TLS for both AMQP and the Management UI.

After multiple attempts, I would like to share my observations and ask for guidance on the correct configuration approach.

Configuration approach

Although I tried configuring TLS using both rabbitmq.conf (INI format) and rabbitmq.config (classic Erlang format), neither of them resulted in a working TLS listener.

The only configuration file that actually enables TLS listeners on my system is advanced.config, so I am currently proceeding exclusively with that file.

Current advanced.config:

[
 {rabbit, [
   {ssl_listeners, [5671]},
   {ssl_options, [
     {cacertfile, "C:/Users/dev/AppData/Roaming/Rabbitmq/ssl/ca.pem"},
     {certfile,   "C:/Users/dev/AppData/Roaming/Rabbitmq/ssl/server.pem"},
     {keyfile,    "C:/Users/dev/AppData/Roaming/Rabbitmq/ssl/server.key"},
     {verify, verify_peer}
   ]}
 ]}
].
When certificate options are removed, RabbitMQ starts normally and I can connect using OpenSSL:
openssl s_client -connect localhost:5671 -CAfile ca.pem

This connection succeeds.

Client certificate (mTLS) test

When certificate options are configured, I attempt to connect using a client certificate:

openssl s_client \ -connect localhost:5671 \ -CAfile ca.pem \ -cert client.pem \ -key client.key

The output still shows:

no peer cert available no client cert CA names sent Verify return code: 0 (OK)

In some cases, RabbitMQ crashes or terminates shortly after this connection attempt.


Management UI over TLS (15671)

I am also unable to reliably access the Management UI over TLS.

OpenSSL test:

openssl s_client -connect localhost:15671 -CAfile ca.pem

Output:

no peer cert available no client cert CA names sent Verify return code: 0 (OK) SSL handshake has read 0 bytes and written 293 bytes

When SSL certificates are configured, RabbitMQ either becomes unresponsive or terminates after this test.

Summary of issues

  • TLS listeners are only activated when using advanced.config

  • Adding SSL certificate options can cause RabbitMQ to crash on startup

  • Server-only TLS connections succeed via OpenSSL

  • Client certificate (mTLS) connections do not appear to be requested or validated

  • Management UI over TLS is unstable and causes the service to stop

  • OpenSSL reports successful verification even when RabbitMQ terminates

Questions

  1. What is the correct and supported way to configure TLS (including client certificates) on RabbitMQ 3.7.x for Windows?

  2. Why does RabbitMQ crash or terminate when SSL certificates are configured?

  3. Is this behavior expected on Windows with Erlang 22, or does it indicate a known issue?

  4. How can TLS be enabled for both AMQP (5671) and Management UI (15671) without destabilizing the service?

Any guidance or recommendations would be greatly appreciated.

Reply all
Reply to author
Forward
0 new messages