I've been working an issue in setting up a new RabbitMQ federation connection. The use case is we're upgrading/migrating from Windows Server 2012 to Windows Server 2019. The developer who originally configured everything left the company shortly before we started the migration, and I'm coming into this with no prior RabbitMQ knowledge. With that being said, he left some pretty decent documentation behind and I've configured/updated most everything, but I'm receiving the following error on all of the federation upstream connections:
{tls_alert,{unknown_ca,"TLS client: In state certify at ssl_handshake.erl:1887 generated CLIENT ALERT: Fatal - Unknown CA\n"}}
I'm sure the fix will seem obvious in hindsight, but I'm at a loss regarding how to proceed. I've verified that the CA/Intermediate certificates are present in the Trusted CA store on all servers (note: my company uses our own CA for internal applications), and double- and triple-checked to make sure everything is pointing to the right location.
Here are the relevant configuration settings from the webserver (upstream):
{ssl_listeners, [{"0.0.0.0", 5671}]},
{ssl_options, [{cacertfile, "D:\\AppSetting\\RabbitMQ\\certs\\PrivateCA.cer"},
               {certfile, "D:\\AppSetting\\RabbitMQ\\certs\\WebServerCert.crt"},
               {keyfile, "D:\\PGSSetting\\RabbitMQ\\certs\\WebServerKey.key"},
               {versions, ['tlsv1.2']},
               {depth, 2},
               {verify, verify_peer},
               {fail_if_no_peer_cert, true}]},
And here's the amqps URI on the RabbitMQ server:
amqps://webserver.company.com?cacertfile=D:\AppSetting\RabbitMQ\certs\PrivateCA.cer&certfile=D:\AppSetting\RabbitMQ\certs\RabbitMQServer.crt&keyfile=D:\AppSetting\RabbitMQ\certs\RabbitMQServerKey.key&verify=verify_peer&fail_if_no_peer_cert=true&auth_mechanism=external&server_name_indication=webserver.company.com