Hello!
I'm trying to use ssl in container from your image rabbitmq:3-management-alpine.
Client sends both cert and key, but rabbit answers:
SSL: certify: ssl_handshake.erl:1606:Fatal error: unknown ca
Client's and server's certs are signed by the same intermediate CA.
Server's container starts with following settings:
RABBITMQ_SSL_CERTFILE: /etc/pki/tls/certs/rabbit-01.mydomain.org.pem
RABBITMQ_SSL_KEYFILE: /etc/pki/tls/private/rabbit-01.mydomain.org-key.pem
RABBITMQ_SSL_CACERTFILE: /etc/pki/tls/certs/ca.bundle.pem
ca.bundle.pem contains root CA cert and intermediate CA.
If I create a chain from client cert and CA bundle - it works. But I need to send only certificate from the client.
I think, that I need 'depth' setting, but there is no way to add it to config file in container.
Please, can you add it?
I have the same problem.
Me to
hm, looks suspicious...
The above comments and reactions do seem staged and produced by a group of coworkers or similar upvoting each other. That's not how you make changes happen in open source projects. Contributing and submitting pull request for consideration is.
@tianon @yosifkit just a bit of perspective from the RabbitMQ team. Supporting TLS verification depth is essential as peer verification in some cases cannot be used without modifying the depth. So even if we ignore the upvoting fest above this is a high priority issue if you ask me.
Appologies for this stuff from the team. The problem is really urgent and important for me
@michaelklishin thanks :heart:
I'll make a PR shortly to add depth. :+1:
Most helpful comment
Me to