Trying to get Mattermost Desktop app working with my CA

Hello again, I’m trying to get the Mattermost Desktop client on Linux working and am having an issue.

WebSocket connection untrusted despite trusting certificate

Steps to reproduce

  • Set up Mattermost 7.7.0 server with a cert signed by your own CA
  • Install the Linux client on an Ubuntu host
  • Install your root CA in /usr/local/share/ca-certificates
  • Run update-ca-certificates
  • Connect with the Linux client
  • Wait a few seconds

Expected behavior
I would have expected the app to take the CA certs from the trust store and accept my server certificate, but it doesn’t.

Observed behavior
It asks me to trust the certificate my server presents - my first clue that something is amiss. I do that, and I can verify that it’s added to .config/Mattermost/certificate.json, but a few seconds after logging in I get the red bar saying the WebSockets connection is gone. If I check /var/log/syslog I see errors like:

DING: ----- Certificate i=0 (,O=MY.DOMAIN) -----
DING: ERROR: No matching issuer found

Then a bunch of repeated handshake failed and Ignoring certificate for unmatched origin wss://

I’ve verified with openssl that my cert does indeed exist at the end of my /etc/ssl/certs/ca-certificates.crt file with a matching subject to the first log line above.


Hi @briand,

this is a regression of the newer clients unfortunately, in the meantime you will have to manually add the wss:// protocol to your certificate.json, as outlined in this GitHub issue:

Very good, thanks so much for the reply! I should have been able to figure this one out, sorry!

No worries, thanks for confirming that it works now.
Hope this makes it into 5.3 :slight_smile: