Set up Mattermost 7.7.0 server with a cert signed by your own CA
Install the Linux client on an Ubuntu host
Install your root CA in /usr/local/share/ca-certificates
Run update-ca-certificates
Connect with the Linux client
Wait a few seconds
Expected behavior
I would have expected the app to take the CA certs from the trust store and accept my server certificate, but it doesn’t.
Observed behavior
It asks me to trust the certificate my server presents - my first clue that something is amiss. I do that, and I can verify that it’s added to .config/Mattermost/certificate.json, but a few seconds after logging in I get the red bar saying the WebSockets connection is gone. If I check /var/log/syslog I see errors like:
DING: ----- Certificate i=0 (CN=mattermost.my.domain,O=MY.DOMAIN) -----
DING: ERROR: No matching issuer found
Then a bunch of repeated handshake failed and Ignoring certificate for unmatched origin wss://mattermost.my.domain
I’ve verified with openssl that my cert does indeed exist at the end of my /etc/ssl/certs/ca-certificates.crt file with a matching subject to the first log line above.
this is a regression of the newer clients unfortunately, in the meantime you will have to manually add the wss:// protocol to your certificate.json, as outlined in this GitHub issue:
