Description
We are a company located in Germany and we are using the on-premise version of Rocketchat.
The Rocketchat server was set up following the official guideline, using Docker and Nginx as the reverse proxy:
https://docs.rocket.chat/installation/docker-containers/
https://docs.rocket.chat/installation/manual-installation/configuring-ssl-reverse-proxy
We were using self-signed certificates from our Windows CA as well as official/public certificates. Both certificate types were accepted by our network-internal Windows clients using Firefox when accessing our Rocketchat server via web browser (HTTPS), without a security warning or certificate error. It just worked.
However, when we tried to access the Rocketchat server through the Windows installation of Rocketchat (with both the public and the self-signed certificate), it always gave us the following error:
In this screenshot you can see our public wildcard certificate being used in our Nginx config (/etc/nginx/sites-enabled/default).
So our question would be how to fix this error.
Server Setup Information
- Version of Rocket.Chat Server: 3.4.1
- Operating System: Ubuntu LTS 20.04 (CLI-only)
- Deployment Method: Docker
- Number of Running Instances: 1
- DB Replicaset Oplog:
- NodeJS Version: v12.16.1
- MongoDB Version: 4.0.19
- Proxy: Nginx (as a reverse proxy)
- Firewalls involved: Yes; Fortigate 100E
Any additional Information
Config of /etc/nginx/sites-enabled/default:
```nginx
# Upstreams
upstream backend {
    server 127.0.0.1:3000;
}

# HTTPS Server
server {
    listen 443;
    server_name ;

    # You can increase the limit if your need to.
    client_max_body_size 200M;

    error_log /var/log/nginx/rocketchat.access.log;

    ssl on;
    ssl_certificate /etc/nginx/zmw-chainoftrust.crt;
    ssl_certificate_key /etc/nginx/priv.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
    ssl_verify_client off;
    ssl_trusted_certificate /etc/nginx/trustchain.pem;

    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_ssl_trusted_certificate /etc/nginx/zmwrc.crt;
        proxy_ssl_verify off;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}
```