Set up Mattermost 7.7.0 server with a cert signed by your own CA
Install the Linux client on an Ubuntu host
Install your root CA in /usr/local/share/ca-certificates
Connect with the Linux client
Wait a few seconds
I would have expected the app to take the CA certs from the trust store and accept my server certificate, but it doesn’t.
It asks me to trust the certificate my server presents - my first clue that something is amiss. I do that, and I can verify that it’s added to .config/Mattermost/certificate.json, but a few seconds after logging in I get the red bar saying the WebSockets connection is gone. If I check /var/log/syslog I see errors like:
DING: ----- Certificate i=0 (CN=mattermost.my.domain,O=MY.DOMAIN) -----
DING: ERROR: No matching issuer found
Then a bunch of repeated handshake failed and Ignoring certificate for unmatched origin wss://mattermost.my.domain
I’ve verified with openssl that my cert does indeed exist at the end of my /etc/ssl/certs/ca-certificates.crt file with a matching subject to the first log line above.