tester does not give useful information about certificate fails

matrix-org / matrix-federation-tester

Tester for matrix federation written in golang.

78 stars 17 forks source link

tester does not give useful information about certificate fails #56

Closed richvdh closed 5 years ago

richvdh commented 5 years ago

The federation tester just seems to give a binary "ValidCertificates": false, which isn't terribly helpful (and the UI turns into a warning about self-signed certs, whether or not the problem is that the cert is self-signed).

We should give better feedback on what's wrong with the cert - possibly in the Errors or Info fields of the connection report.

arsylum commented 5 years ago

I agree that in some cases it is not clear what the actual problem is -

      "IssuerCommonName": "Let's Encrypt Authority X3",
(...)
      "Errors": [
        {
          "Message": "x509: certificate signed by unknown authority"
        }
      ],

Solution was: Using the fullchain.pem provided by certbot, not the cert.pem as I did

anoadragon453 commented 5 years ago

A good start is surfacing the Errors array in the UI.