SSL Certificate Error on RC-Windows-Installation

zmwrc · July 24, 2020, 7:47am

Description

We are a company located in germany and we are using the on-premise version of Rocketchat.
The Rocketchat-Server was set up after the official guideline using Docker and Nginx as the Reverse-Proxy:

https://docs.rocket.chat/installation/docker-containers/
https://docs.rocket.chat/installation/manual-installation/configuring-ssl-reverse-proxy

We were using self-signed certificates from our Windows-CA as well as official/public certificates. Both certificate-types were accepted by our network-internal Windows-Clients using Firefox when accessing our Rocketchat-Server over Webbrowser (HTTPS) without giving a security warning or certificate error. It just worked.

However when we tried to access the Rocketchat-Server over the Windows-Installation of Rocketchat (with both, public- and self-signed certificate) it always gave us the following error:

zmwrc zertifikatsfehler
In this screenshot you can see our public wildcard certificate being used in our Nginx-Config (/etc/nginx/sites-enabled/default)

So our question would be how to fix this error.

Server Setup Information

Version of Rocket.Chat Server: 3.4.1
Operating System: Ubuntu LTS 20.04 (CLI-only)
Deployment Method: Docker
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version: v12.16.1
MongoDB Version: 4.0.19
Proxy: Nginx (as an Reverse-Proxy)
Firewalls involved: Yes; Fortigate 100E

Any additional Information

Config of /etc/nginx/sites-enabled/default:

Upstreams
upstream backend {
server 127.0.0.1:3000;
}

HTTPS Server
server {
listen 443;
server_name ;

You can increase the limit if your need to.
client_max_body_size 200M;

error_log /var/log/nginx/rocketchat.access.log;

ssl on;
ssl_certificate /etc/nginx/zmw-chainoftrust.crt;
ssl_certificate_key /etc/nginx/priv.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
ssl_verify_client off;
ssl_trusted_certificate /etc/nginx/trustchain.pem;

location / {
    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;

    proxy_ssl_trusted_certificate /etc/nginx/zmwrc.crt;
    proxy_ssl_verify off;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Nginx-Proxy true;

    proxy_redirect off;
}

}

Topic		Replies	Views
Setting your own certificate to https for rocket chat Community Support	1	373	March 25, 2022
Rocketchat with Nginx reverse proxy Community Support	3	5406	August 17, 2018
SSL/Reverse Proxy Issues... maybe? (Not ROOT_URL Problem) Community Support	1	2050	April 25, 2019
Can't connect to self signed certificate https server using Android app Mobile Apps android	10	8191	June 20, 2020
Rocket chat iPhone Rocket wclientapplication Community Support	2	433	July 16, 2021

Join our Community Open Call tomorrow where we'll share more details regarding recent changes and answer questions about updating your workspace to the latest Rocket.Chat

SSL Certificate Error on RC-Windows-Installation

Description

Server Setup Information

Any additional Information

Related Topics