I am currently running an internal trial to decide whether the company uses MM as its new chat app.
I have a server in pre-production using an internal namespace with an NGINX proxy that has been signed by the company CA server. This all works fine for the most part. The underlying Ubuntu server now has the cacerts of my private tree installed.
I have seen in the troubleshooting guide that internal signing isn’t supported by the app itself.
Using matterpoll or anything with ephemeral interactive buttons the buttons don’t work. The server generates an x509 error.
{“level”:“error”,“ts”:1565374462.2017803,“caller”:“mlog/log.go:172”,“msg”:“Action integration error”,“path”:“/api/v4/posts/1ykc4a6xkiry5p36s4zagkyqby/actions/uot7xarrzi8odj86q45o79rtdo”,“request_id”:“z6fishwn83btxncaqoi3cpoysw”,“ip_addr”:“172.27.27.215”,“user_id”:“14hnsq4o97fjikqwgepf43hfcw”,“method”:“POST”,“err_where”:“DoActionRequest”,“http_code”:400,“err_details”:“err=Post https:// internal domain /plugins/com.github.matterpoll.matterpoll/api/v1/polls/jp88eizn37gndpa6d54hmqr5dc/delete: x509: certificate signed by unknown authority”}
If I set Enable Insecure Outgoing Connections to true then the buttons work again.
I can only assume that the mattermost server app itself is establishing a connection over TLS, going through its own NGINX proxy and finding an untrusted certificate.
Is there any way to get mattermost app to establish trust with an internal CA or am I readying this wrong?
Kind Regards,
Rhys