Cert not trusted error from windows app (single user)

Hi there,

We self host an MM instance (7.3.1) Recently one of our users has started reporting a cert error when opening the app on Windows. (they can access the website without issue).

“Cert from DigiCert . . . is not trusted”

(We don’t actually use DigiCert ::slight_smile:

"There is a configuration issues with this Mattermost server, or someone is trying to intercept your connection . . . "

Our cert is valid. I can’t see anything in the access.log that looks anomalous. This error has been reported since a recent upgradE (to 7.3.1) but only with a single user, at a specific location.

Has anyone seen anything like this . . . and do you have any troubleshooting suggestions?

Thanks for considering,

Image Pasted at 2022-9-15 08-39
Image Pasted at 2022-9-15 08-49

Hi Telezoic,

you’re using an outdated intermediate certifiate which references to an expired root certifiate. You can see that when you expand the “certification paths” in the Qualys output, see the screenshot:

Your certifiate has been renewed yesterday, could it be that the problems also started at this date?

www.cchsbc.ca definitely returns a wrong certificate, not sure if this is related to your issue here since the Qualys report was for chat.viulibrary.ca.

It could also very well be that this specific user of yours is going the wrong path and therefore gets this message. What operating system is this user on? There were some modifications necessary to the certificate trust store on Linux f.ex. in order to avoid the expired root CA certificate from Let’s encrypt, but this has been quite some time ago…
It boiled down to removing/commenting the X3 certificate in /etc/ca-certificates.conf and running update-ca-certificates again to update the store.

Thanks @agriesser. The problem predates the September 30 expiration. I see the X3 conversation - DST Root CA X3 Expiration (September 2021) - Let's Encrypt (our user is on Windows 10).

I will try and comment out / update the X3 cert and see what happens :slight_smile: