SSL Certificate Error on RC-Windows-Installation


We are a company located in germany and we are using the on-premise version of Rocketchat.
The Rocketchat-Server was set up after the official guideline using Docker and Nginx as the Reverse-Proxy:

We were using self-signed certificates from our Windows-CA as well as official/public certificates. Both certificate-types were accepted by our network-internal Windows-Clients using Firefox when accessing our Rocketchat-Server over Webbrowser (HTTPS) without giving a security warning or certificate error. It just worked.

However when we tried to access the Rocketchat-Server over the Windows-Installation of Rocketchat (with both, public- and self-signed certificate) it always gave us the following error:

zmwrc zertifikatsfehler
In this screenshot you can see our public wildcard certificate being used in our Nginx-Config (/etc/nginx/sites-enabled/default)

So our question would be how to fix this error.

Server Setup Information

  • Version of Rocket.Chat Server: 3.4.1
  • Operating System: Ubuntu LTS 20.04 (CLI-only)
  • Deployment Method: Docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: v12.16.1
  • MongoDB Version: 4.0.19
  • Proxy: Nginx (as an Reverse-Proxy)
  • Firewalls involved: Yes; Fortigate 100E

Any additional Information

Config of /etc/nginx/sites-enabled/default:

upstream backend {

HTTPS Server
server {
listen 443;
server_name ;

You can increase the limit if your need to.
client_max_body_size 200M;

error_log /var/log/nginx/rocketchat.access.log;

ssl on;
ssl_certificate /etc/nginx/zmw-chainoftrust.crt;
ssl_certificate_key /etc/nginx/priv.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
ssl_verify_client off;
ssl_trusted_certificate /etc/nginx/trustchain.pem;

location / {
    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;

    proxy_ssl_trusted_certificate /etc/nginx/zmwrc.crt;
    proxy_ssl_verify off;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Nginx-Proxy true;

    proxy_redirect off;