Closed peterhoeg closed 5 years ago
On a configuration with both SRV and .well-known set up, the tester should return the correct information for both delegation mechanisms.
This sounds like a duplicate of #37.
In your case, the federation tester is correctly showing that your server is misconfigured, and is presenting a (self-signed) certificate for hoeg.com rather than matrix.hoeg.com. This will not work once other servers in the federation update to Synapse 1.0.
I'm afraid I'm not familiar with testssl.sh. Using openssl s_client:
$ openssl s_client -connect matrix.hoeg.com:8448 -servername matrix.hoeg.com
CONNECTED(00000003)
depth=0 CN = hoeg.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = hoeg.com
verify return:1
---
Certificate chain
0 s:/CN=hoeg.com
i:/CN=hoeg.com
---
...
Apologies, my mistake.
On a configuration with both SRV and .well-known set up, the tester should return the correct information for both delegation mechanisms. It looks like it basically reads the cert from the wrong server.
What happened:
Running https://federationtester.matrix.org/api/report?server_name=hoeg.com, I am given errors about using the wrong certificate
"x509: certificate is valid for hoeg.com, not matrix.hoeg.com"
Using testssl.sh, I can see the correct certificate:
Further to #61