"certificate signed by unknown authority"

Hello All,

Trying to create a discovery server. Clients do not like the self-signed cert. Keep getting “connection reset by peer” on the debug while running strelaysrv.

Read the docs, in particular the bit with the text

The discovery server prints its device ID at startup. In the case where you are using a non CA signed certificate, this device ID (fingerprint) must be given to the clients in the discovery server URL.

Thanks, the “non CA signed certificate” error seems to have gone away with the ID included just after the https://ipaddress:22067?id=this-is-the-id. Now I am seeing “Protocol negotiation error” and “Certificate list error”.

Also seeing “magic mismatch” just after the ID.

New discovery server should have a /v2 suffix as the URL. I think it prints the URL as it starts, you should just use that.

I don’t see that, running:

strelaysrv v0.14.8+11-g29ccf10 (go1.7.1 linux-amd64) jenkins@build.syncthing.net

Maybe it needs a debug or verbose flag to print that, anyway, try adding a /v2 to the url.

To be honest, it’s all explained in the docs: https://docs.syncthing.net/users/stdiscosrv.html

Not really, I still get the following errors with /v2/ in place:

016/10/11 10:21:15 listener.go:73: Protocol negotiation error
2016/10/11 10:21:15 listener.go:79: Certificate list error

The client is using either outdated ciphers or is not providing a client certificate for client identity. I suspect it's not syncthing connecting to the discovery server.

After each successful “Listener accepted connection from x.x.x.x” I get:

2016/10/11 10:57:27 listener.go:73: Protocol negotiation error
2016/10/11 10:57:27 listener.go:79: Certificate list error

This is from two “client” systems, different OS, build, etc.

I am a bonehead, problem was all me, I was working with the relay when I just needed to set up a disco server.

Thanks, A
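
The docs passage quoted in this thread says the device ID (fingerprint) must be in the discovery server URL when the certificate is not CA signed. The following is an added illustration, not part of the thread and not Syncthing's own code, of how a Go client can replace CA chain validation with a certificate fingerprint pin taken from an `id` URL parameter. It assumes a hex SHA-256 of the DER certificate in place of Syncthing's device ID text encoding; the host name and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
)

// newSelfSignedDER makes a throwaway self-signed certificate (constructed sample data).
func newSelfSignedDER() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return der
}

// fingerprint is the hex SHA-256 of the DER bytes (assumed stand-in for the device ID encoding).
func fingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// tlsConfigFor pins the server certificate when the URL carries ?id=, else keeps CA validation.
func tlsConfigFor(rawURL string) (*tls.Config, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{} // no id: normal chain validation, a self-signed cert is rejected
	if want := u.Query().Get("id"); want != "" {
		cfg.InsecureSkipVerify = true // chain check off; the callback below is the only check
		cfg.VerifyPeerCertificate = func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 || fingerprint(raw[0]) != want {
				return fmt.Errorf("server certificate does not match pinned id")
			}
			return nil
		}
	}
	return cfg, nil
}

func main() {
	der := newSelfSignedDER()
	cfg, _ := tlsConfigFor("https://disco.example.invalid/v2/?id=" + fingerprint(der))
	fmt.Println("pinned cert accepted:", cfg.VerifyPeerCertificate([][]byte{der}, nil) == nil)
}
```

Without the `id` parameter the returned config performs ordinary CA validation, which is the mode in which a self-signed server certificate fails as "signed by unknown authority".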
