For troubleshooting questions, please post in the following format:
Summary
SSL is not starting on my internal server.
Steps to reproduce
Version: 4.0.0 (4.0.2)
Database: mysql
We have an internal Root CA and I have generated the public key and private key for the Mattermost server. When I copy the key to the Mattermost server, configure the same in the system console and restart the server, I am getting this error
Thanks. I did some testing and confirmed that generating keys using OpenSSL does work. Maybe you’re using different parameters that we don’t support though?
Here are the steps I’m using for OpenSSL:
Generate a private key: openssl genrsa -out ./mattermost.local.key 2048
Generate a CSR for that private key: openssl req -new -key ./mattermost.local.key -out ./mattermost.local.csr
Have the private CA create a signed certificate for that CSR: openssl x509 -req -days 7300 -in mattermost.local.csr -CA ca.crt -CAkey ca.key -out mattermost.local.crt -set_serial 01 -sha256
Configure Mattermost to use the private key and certificate:
If there’s anything you’re doing differently that you think should work, let me know and I’ll see if I can reproduce the issue and file it as a bug if appropriate.
This server could not prove that it is mattermost.toradex.int; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.
Do we need to reconfigure the certificate and add additional parameters?
The “Unable to setup forwarding” error is happening because by default, Ubuntu doesn’t allow processes to bind to ports lower than 1024. You’ll need to give mattermost the “cap_net_bind_service” capability as described here: https://docs.mattermost.com/install/config-tls-mattermost.html
As for the “server could not prove that it is mattermost.toradex.int” error, I’m guessing yes, you probably need to add additional parameters to the certificate. Perhaps this Stack Overflow answer will work for you? https://stackoverflow.com/a/43665244
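Added example, not part of the original posts: the three OpenSSL steps from the thread with a Subject Alternative Name supplied at signing time, which is the field the browser error says is missing. The throwaway CA, the `san.ext` file name, the function names and `SAMPLE_HOST` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_HOST and the throwaway CA are constructed values;
# in practice ca.key / ca.crt belong to the internal root CA.
SAMPLE_HOST="mattermost.local"

# issue_cert <workdir> <host>: create a test CA, then a key, a CSR and a
# CA-signed certificate for <host> that carries a matching DNS SAN.
issue_cert() {
    dir=$1; host=$2
    # Throwaway CA standing in for the internal root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -sha256 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Key and CSR as in the thread; -subj avoids the interactive prompts.
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
        -out "$dir/$host.csr" || return 1
    # "openssl x509 -req" does not copy extensions from the CSR by default,
    # so the SAN is passed at signing time through an extension file.
    printf 'subjectAltName = DNS:%s\n' "$host" > "$dir/san.ext"
    # -CAcreateserial picks a fresh serial instead of a fixed -set_serial.
    openssl x509 -req -days 365 -sha256 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null
}

# san_of <cert>: print the DNS SAN entries of a certificate (empty if none).
san_of() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*'
}

# chain_ok <ca> <cert>: succeed only if <cert> verifies against <ca>.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Running `issue_cert "$(mktemp -d)" "$SAMPLE_HOST"` and then `san_of` on the resulting `.crt` shows whether the SAN made it into the signed certificate before it is configured on the server.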
The video call is not going through. I am seeing this error in the log file
[2017/08/21 11:25:20 CEST] [EROR] /api/v4/webrtc/token:WebRTC.Token code=500 rid=m4spg9ge47n5zki5i5n8zw74wr uid=um7x7zhsh7gxjbiqxxirujkw5o ip=10.18.0.116 We encountered an error while connecting to the server [details: Post https://mattermost.toradex.int:7089/admin: x509: certificate is valid for dockerhost, not mattermost.toradex.int]
Please tell me how to replace the certificate for Docker.