mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License

Using self-signed certificate with macOS client, browser reports TLS error after period of time #130

Open haraldrudell opened 5 months ago

haraldrudell commented 5 months ago

Using self-signed certificates and clicking through unsafe connect in the client browser.

After 24 hours the connection fails and the mox log has:

Feb 15 04:48:48 c68z mox[2639743]: l=info m="https error" err="http: TLS handshake error from 192.168.1.21:60218: remote error: tls: unknown certificate" pkg=http pkg=net/http

Reloading the page resumes normal operation.

Is there something that can be fixed, or is this unavoidable due to macOS rejection of certificates not in the browser certificate store?

mjl- commented 4 months ago

I suspect this means the macOS client only remembers the "continue unsafely" choice for 24 hours. You mention you can reload the page. Does that prompt again for accepting the self-signed cert? And which browser is this?

The error message contains "remote error: tls: unknown certificate". That means the remote is sending a TLS alert to us that they don't recognize our cert as valid.
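
Added example, not part of the thread and not mox's own code: a small Go parser that reads log lines in the format quoted in the issue and tells apart a TLS alert sent by the client (Go's `crypto/tls` prefixes these with `remote error: `) from a handshake failure raised on the server side. The names `Finding`, `Parse` and `ClientRejectedCert` are hypothetical, and only the first sample line comes from the issue; the other two are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Finding is one TLS handshake failure pulled out of a net/http log line.
type Finding struct {
	Peer     string // client address as logged by net/http
	FromPeer bool   // true: the client sent the alert; false: our side aborted
	Alert    string // text following "tls: "
}

// net/http logs `http: TLS handshake error from ADDR: ERR`; crypto/tls prefixes
// alerts received from the peer with "remote error: ".
var handshakeRe = regexp.MustCompile(`TLS handshake error from (\S+): (remote error: )?tls: ([^"]+)`)

// Alert texts that mean the peer refused the certificate it was shown.
var certRejected = map[string]bool{
	"bad certificate": true, "unknown certificate": true,
	"unknown certificate authority": true, "expired certificate": true,
}

// Parse returns ok=false for lines that are not TLS-level handshake errors.
func Parse(line string) (f Finding, ok bool) {
	m := handshakeRe.FindStringSubmatch(line)
	if m == nil {
		return f, false
	}
	return Finding{Peer: m[1], FromPeer: m[2] != "", Alert: m[3]}, true
}

// ClientRejectedCert reports whether the client told us it does not accept our cert.
func (f Finding) ClientRejectedCert() bool { return f.FromPeer && certRejected[f.Alert] }

func main() {
	lines := []string{ // first line is from the issue; the other two are constructed
		`l=info m="https error" err="http: TLS handshake error from 192.168.1.21:60218: remote error: tls: unknown certificate" pkg=http pkg=net/http`,
		`l=info m="https error" err="http: TLS handshake error from 192.0.2.7:40100: tls: first record does not look like a TLS handshake" pkg=http pkg=net/http`,
		`l=info m="https error" err="http: TLS handshake error from 192.0.2.9:40222: EOF" pkg=http pkg=net/http`,
	}
	for _, l := range lines {
		if f, ok := Parse(l); ok {
			fmt.Printf("%s fromPeer=%v alert=%q clientRejectedCert=%v\n", f.Peer, f.FromPeer, f.Alert, f.ClientRejectedCert())
		}
	}
}
```

Grouping the matches by `Peer` and timestamp makes a pattern like the reported 24-hour interval visible per client.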