Clients can't connect to rabbitmq if an internal certificate with intermediaries is used

Description

In case of an internal cert with intermediaries, which would happen when using a cert provided by a public CA, rabbitmq will serve the cert incorrectly, and clients (mgmtworker, restservice) won't be able to connect.

The solution is:

  • in rabbitmq 'certfile', the server cert must be provided (TODO: the intermediaries CAN be provided in the bundle as well, but check if they're required here). Ie. the internal_cert_path input can be used.

  • in rabbitmq 'cacertfile', a bundle must be provided, including all intermediaries and the CA (in that order)

Steps to Reproduce

Environment:
OS (CLI), HA cluster, cloud provider
------------------------------------

Steps to reproduce:
------------------
1. Use internal cert with intermediaries:

  • for internal_cert_path, provide a bundle with the server cert and intermediaries

  • for ca_cert_path provide the CA
    2. Run cfy_manager install

Expected result:
---------------
Clients are able to connect to rabbitmq

Actual result:
-------------
Mgmtworker can't connect to rabbitmq

Why Propose Close?

None

Status

Assignee

Łukasz Maksymczuk

Reporter

Łukasz Maksymczuk

Labels

None

Severity

High

Target Version

4.4

Premium Only

no

Found In Version

4.3

QA Owner

Uri Wygodny

Bug Type

legacy bug

Customer Encountered

Yes

Customer Name

None

Release Notes

no

Priority

None

Epic Link

Sprint

None

Priority

Unprioritized
Configure