ssl certificate unknown

[lungta...@gmail.com]

Hi,
we want to use ssl in rabbitMQ, and we did the whole process according to the tutorial. Shockingly, rabbitMQ worked very well on some servers, however, when we redid it on another server, rabbit.log wrote the following log repetitively after the rabbitmq server was started up.

rabbit.log:
=ERROR REPORT==== 23-Jan-2018::19:19:49 ===
SSL: certify: ssl_alert.erl:93:Fatal error: certificate unknown

=ERROR REPORT==== 23-Jan-2018::19:19:54 ===
SSL: certify: ssl_alert.erl:93:Fatal error: certificate unknown

=ERROR REPORT==== 23-Jan-2018::19:19:56 ===
SSL: certify: ssl_alert.erl:93:Fatal error: certificate unknown

=ERROR REPORT==== 23-Jan-2018::19:19:56 ===
SSL: certify: ssl_alert.erl:93:Fatal error: certificate unknown
......

The steps we did mainly include:
1.use openssl command to create root certificate, server certificate and client sertificate.

2.configure the rabbitmq.config, open ssl port 5671 and ssl options as follows:
......
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile, "/etc/rabbitmq/ssl/ca/cacert.pem"},

{certfile, "/etc/rabbitmq/ssl/server/qrtp.server.cert.pem"},

{keyfile, "/etc/rabbitmq/ssl/server/qrtp.server.key.pem"},

{verify, verify_peer},

{fail_if_no_peer_cert, true}]},
.....

where did we do wrong?

Thank you for any help!

[Luke Bakken]

Hello,

If it works on some other servers, but not this one, you should carefully check to see what is different. There are several different causes for the error being logged.

I recommend going through our troubleshooting guide - http://www.rabbitmq.com/troubleshooting-ssl.html

Thanks -

Luke

[lungta...@gmail.com]

Thank you Luke.
In fact, we just did what you suggest before. Unfortunately, it didn't work. we plan to rebuild the environment from scratch.
Thanks again~