SSL certificate errors in healthcheck

Hi all,

I have been using passbolt on Docker for some time now, and it works nicely for now. I would like to test it on a server to grasp all the different steps and to put it in place to work with a team, not just to store some test passwords on the internet.

My configuration: Debian 9.3, nginx, php7.0, mariaDB and passbolt 1.6.9.

I’m using a wildcard certificate (with password) for https that works fine with nginx. But when doing the healthcheck, I can’t seem to pass the SSL check. I have other issues, but I will look into them once I have solved these:
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
stream_socket_client(): Failed to enable crypto
stream_socket_client(): unable to connect to ssl://URL:443 (Unknown error)

I had other errors before because of the default cacert inside lib/Cake/Config that don’t appear anymore, but it still doesn’t work.

I generated a p12 certificate to generate the cacert.pem, with and without a password. I also tried different things with my certificates (I have: .cert, csr, key, chain if it helps) but nothing seems to work.

Is there something obvious I’m missing or is it because of the password or the wildcard?

Thanks for your help, and sorry for my English.


You can try reinstalling the wildcard SSL certificate; Let’s Encrypt now provides it for free. I installed it following the instructions here and it is working now.

Saying that you use self-signed means your certs are not being applied. Hopefully you skipped the step in the installation where self-signed certs are created. Check in /etc/nginx/sites-enabled and in ssl/tmpl; there are configuration files pointing to certs. Find both places and see where it's pulling the wrong certs from.
Then do service nginx restart.
I think that when you say {with password}, that is what causes the problem. Also, there is another place where you should leave no password; I can’t fully remember, search the install guide.
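
The check suggested in the reply above, as an added example that is not part of the original thread or of passbolt: it lists the files named by `ssl_certificate` in the nginx config files you pass it and flags the two conditions the healthcheck reported (self-signed, hostname mismatch). The function names, the sample certificate and the `*.example.test` hostname are constructed for illustration; `include` directives are not followed.

```shell
#!/usr/bin/env bash
# Added example: which certificates does nginx serve, and are they the
# self-signed or wrong-hostname ones the healthcheck complains about?

# Print every file named by an ssl_certificate directive
# (ssl_certificate_key lines are deliberately not matched).
nginx_cert_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$@"
}

# Succeeds when subject and issuer are the same name (self-issued cert).
cert_is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds when the certificate covers the hostname (wildcards included).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# usage: check_nginx_certs HOSTNAME CONF...
# Prints one line per certificate: "<path> <status>".
check_nginx_certs() {
    host=$1; shift
    nginx_cert_paths "$@" | sort -u | while read -r pem; do
        status=ok
        cert_is_self_signed "$pem" && status=self-signed
        cert_matches_host "$pem" "$host" || status="$status,hostname-mismatch"
        printf '%s %s\n' "$pem" "$status"
    done
}

# Constructed sample: a self-signed wildcard cert and a minimal server block,
# written into the directory given as $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null
    printf 'server {\n  ssl_certificate %s/site.crt;\n  ssl_certificate_key %s/site.key;\n}\n' \
        "$1" "$1" > "$1/site.conf"
}

# Run against real config when arguments are given, e.g.
#   ./check.sh pass.example.test /etc/nginx/sites-enabled/*
if [ "$#" -ge 2 ]; then check_nginx_certs "$@"; fi
```

A certificate reported as `ok` here can still fail the healthcheck if PHP's CA bundle does not contain the issuing chain; this script only checks what nginx is configured to serve.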

You can follow the mentioned comment to solve the issue; I think the problem will be solved properly.