Untrusted connection with Desktop Syncing Clients

Hello,

Sometimes with the SeaFile Desktop Syncing Clients, I got the error mesage below.

What that means ? How I can check that the new RSA key fingerprint is mine and not a fake one ?

Have a nice day.

You have to include full chain certificate in nginx/apache.

Hello,

Sorry, but could you explain more ? Indeed, in my conf. file I already put theses lines regarding the certificate :
ssl_certificate /etc/mywebsite/fullchain.pem;
ssl_certificate_key /etc/mywebsite/privkey.pem;
ssl_trusted_certificate /etc/mywebsite/chain.pem;

What is missing ?

Have a nice day.

Does this happen if connecting to wifi hotspots or changing the network generally? It might be possible that some firewall systems cause this.

You can analyze your server chain here: https://www.sslshopper.com/ssl-checker.html

Could also be a security firewall that intercepts the connection and puts its own cert in between after approval if the actual cert is invalid/selfsigned.

remove that one. You need the full chain to ssl_certificate and thats all.

Yes that’s what i meant.

Hello,

This error message occurs only with the Desktop Syncing Clients on my local network. The most strange is that I don’t get it at each connection. Only somtimes (I didn’t detect any periodicity at that time).

When I check my website with https://www.sslshopper.com/ssl-checker.html, the result is fully green.

Certificate is not selfsigned and I check that it’s up to date.

@drdrake : what is the interest of ssl_trusted_certificate ? That adds more security ?

I don’t think that is used at all in ssl config. You only need the full chain in ssl cert and the key.

Hello,

I added this option based on this explanation : http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate

Have a nice day.