We're Hiring!

Mattermost, Inc.

Mattermost mac desktop app

I am trying to get the app to work with self-signed certificate. I know after reading it says that it cannot be done without lets encrypt at least, but I was curious

I have setup keys using openssl in /opt/mattermost/ and pointed to this in the main menu->system console->web server
enabled TLS
TLS cert pointed to file
TLS key pointed to file
reboot

I can see in the browser I can get to the site after getting the chrome not secure wanring and everyhting is fine. Then on my mac I tried the app, I put the url and it complained about not trusted cert (sorry, forget exactly what it said) but then I had an option to conitnue anyway, it took a minute but continued and its working.

However, in my journalctl I have these entrie when I tried the app and it worked.

Nov 26 11:22:13 virtual.smbservices.ca mattermost[27157]: {“level”:“error”,“ts”:1606407733.851918,“caller”:“http/server.go:3053”,“msg”:“http: TLS handshake error from 1.2.3.4:60075: remote error: tls: unknown certificate”,“source”:“httpserver”}

so does this mean its defaulting to port 80 with unsecure or just complained about my self signed but used it anyways?

edited:
actually when I refresh the browser I get the same message in the journal. So I think this works as self signed just complaining…

That’s precisely what it is; when you generate a certificate with LetsEncrypt, it contacts the LetsEncrypt servers and the actual certificates are validated by the LetsEncrypt servers (therefore being trusted), however, when using OpenSSL, you aren’t contacting or using a trusted CA (Certificate Authority) and therefore, while your traffic will be encrypted, it will never be fully HTTPS as the browser will never recognize it as a fully legitimate certificate, for it did not come from a trusted Certificate Authority such as letsencrypt, etc.

1 Like