Mattermost Peer-to-Peer Forum

[solved] Mobile App(Android) TLS handshake error

#1

I’ve got Mattermost server version 5.9 with SSL configured (my own certificate, issued by RapidSSL).
The Windows application works fine, and the iOS application also works fine. But the Android application cannot connect to the server; on the server side I see these log messages:

{"level":"info","ts":1554454773.874336,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 176.59.64.125:29159: remote error: tls: unknown certificate","source":"httpserver"}
{"level":"info","ts":1554454774.1127157,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 176.59.64.125:39251: remote error: tls: unknown certificate","source":"httpserver"}
{"level":"info","ts":1554454774.7795985,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 176.59.64.125:57096: remote error: tls: unknown certificate","source":"httpserver"}
{"level":"info","ts":1554454775.319641,"caller":"http/server.go:1763","msg":"http: TLS handshake error from 176.59.64.125:4419: remote error: tls: unknown certificate","source":"httpserver"}

Chat works through the browser (on Android), though. This problem affects all Android devices (I’ve tried at least 5).

Here is server configuration:

"ServiceSettings": {
    "SiteURL": "https://chat.mydomain.com",
    "WebsocketURL": "",
    "LicenseFileLocation": "",
    "ListenAddress": "XXX.XXX.XXX.XXX:443",
    "ConnectionSecurity": "TLS",
    "TLSCertFile": "/opt/mattermost/cert/public.crt",
    "TLSKeyFile": "/opt/mattermost/cert/private.key",
    "TLSMinVer": "1.2",
    "TLSStrictTransport": false,
    "TLSStrictTransportMaxAge": 63072000,
    "TLSOverwriteCiphers": [],
    "UseLetsEncrypt": false,
    "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
    "Forward80To443": true,

The server works directly without proxy.

#2

Hi @AndreyChe,

Have you had a chance to take a look at this troubleshooting doc: https://docs.mattermost.com/mobile/mobile-troubleshoot.html#i-keep-getting-a-message-cannot-connect-to-the-server-please-check-your-server-url-and-internet-connection?

#3

Thank you, now it works. I had to put the full chain in the certificate file.