ulyssa / iamb

A Matrix client for Vim addicts
https://iamb.chat
Apache License 2.0

Self-signed certificate #290

Closed RazerStvH closed 4 months ago

RazerStvH commented 4 months ago

Can't log in to my server using a self-signed certificate. Even if this certificate is trusted by my OS. Even if I used my own root CA.

If I use just a self-signed certificate, I get this: "error trying to connect: invalid peer certificate: Other(CaUsedAsEndEntity)"

If I use my own root CA, I get this: "error trying to connect: invalid peer certificate: UnknownIssuer"

Anyway, my server works well with Android SchildiChat/Element, and with matrix-commander. But it also doesn't work with Element/SchildiChat on Windows and Linux.

OS: Arch Linux

mordquist commented 4 months ago

As iamb uses rustls by default, it does not use the system trust store. What happens if you build iamb with native TLS as described here?

I'm curious, any particular reason for not using a "proper" certificate from Let's Encrypt or similar?

RazerStvH commented 4 months ago

It does. I want to see a notification every time I sign in. I can see the fingerprint of my certificate. And I like to do it manually.

RazerStvH commented 4 months ago

And by the way, I found a solution for Element and SchildiChat. You need to specify --ignore-certificate-errors at startup. Maybe it will help someone. I initially contacted iamb in order to check if it would work. But as it turns out, it also uses its own certificate store.

mordquist commented 4 months ago

> It does.

Do you mean that it does work if you use native TLS when building iamb?

> And I like to do it manually.

Do you mean that you like to handle certificate issuance by yourself?

How do you handle federation in that case since no other server will trust your CA? Or do you simply run an unfederated server where every user needs to trust your CA or skip certificate checking?

RazerStvH commented 4 months ago

I needed a small private server, no more. I don't need the Federation.

The problem was that I couldn't log in to the server from the PC. At the same time, I could log in from android. But I have already found a solution.

I understand that it does not make sense to issue certificates on my own, but I do not need a valid certificate, due to the lack of federation.