Sometimes with the SeaFile Desktop Syncing Clients, I got the error mesage below.
What that means ? How I can check that the new RSA key fingerprint is mine and not a fake one ?
Have a nice day.
You have to include full chain certificate in nginx/apache.
Sorry, but could you explain more ? Indeed, in my conf. file I already put theses lines regarding the certificate : ssl_certificate /etc/mywebsite/fullchain.pem;ssl_certificate_key /etc/mywebsite/privkey.pem;ssl_trusted_certificate /etc/mywebsite/chain.pem;
What is missing ?
Does this happen if connecting to wifi hotspots or changing the network generally? It might be possible that some firewall systems cause this.
You can analyze your server chain here: https://www.sslshopper.com/ssl-checker.html
Could also be a security firewall that intercepts the connection and puts its own cert in between after approval if the actual cert is invalid/selfsigned.
remove that one. You need the full chain to ssl_certificate and thats all.
Yes that's what i meant.
This error message occurs only with the Desktop Syncing Clients on my local network. The most strange is that I don't get it at each connection. Only somtimes (I didn't detect any periodicity at that time).
When I check my website with https://www.sslshopper.com/ssl-checker.html, the result is fully green.
Certificate is not selfsigned and I check that it's up to date.
@drdrake : what is the interest of ssl_trusted_certificate ? That adds more security ?
I don't think that is used at all in ssl config. You only need the full chain in ssl cert and the key.
I added this option based on this explanation : http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate