Mattermost, Inc.

DRAFT: Troubleshooting "Token request failed" errors

The most common issue with “Token request failed” errors is having certificates incorrect configured in Apache or Ngnix.

Here are troubleshooting steps depending on how your certificate was obtained:

1) Certificates issued by a major Certificate Authority

If you obtained your certificate from a major certificate authority (for example GoDaddy.com) please test your certificate is working on your existing website by either:

A) running openssl s_client -connect mattermost.your-server.com:443 -quiet from the command line or

B) testing your certificate on https://www.ssllabs.com/ssltest/analyze.html

2) Certificates issued by Internal Certificate Authority

If you got your certificate from an Internal Certificate Authority at your company, please contact the issuer to confirm the certificate is working properly.

The vast majority of “Token request failed” errors come from an error made in obtaining the certificate from an Internal Certificate Authority.

Once corrected, Mattermost works fine with these certificates.

3) Using self-signed certificates not created by a Certificate Authority

In theory these is an option to create a self-signed certificate that isn’t associated with a Certificate Authority, and is manually loaded into your browser.

There hasn’t been a report yet of this working with Mattermost, and most commonly when someone says they’re using a “self-signed” certificate they actually mean in their in situation 2), where an Internal Certificate Authority issued the certificate.

These troubleshooting suggestions are in draft, open to feedback from members of the community who’ve had more experience with these different certificate setups