References:

• Verification of ssl client / server options could be more user friendly erlang/otp#8066
• OAuth 2: support multiple resources, extract an OAuth 2 client #10012 (comment)

API: https://www.erlang.org/doc/man/public_key#cacerts_get-0

Anywhere SSl/TLS is configured in RabbitMQ, if the user does not configure cacertfile or cacerts, RabbitMQ should automatically use public_key:cacerts_get/0 to load the system certificates.

If, after doing all of that, RabbitMQ could set verify to verify_none. Otherwise, the ssl functions will fail as reported in erlang/otp#8066

Note that I've never seen cacerts used in practice.