`Bad Certificate` error messages when talking with mastodon.org.uk - Their cert is from COMODO
Having trouble communicating with mastodon.org.uk. I see the following errors when trying to fetch user @pla@mastodon.org.uk from pla.social using the Pleroma FE. Their cert is from COMODO RSA Domain Validation Secure Server CA. Is COMODO not an approved certificate authority for Pleroma?
```
Aug 22 20:18:47 pla-social mix[25452]: 20:18:47.766 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate', 10]
Aug 22 20:18:47 pla-social mix[25452]: 20:18:47.986 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate', 10]
Aug 22 20:18:48 pla-social mix[25452]: 20:18:48.209 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate', 10]
Aug 22 20:18:48 pla-social mix[25452]: 20:18:48.527 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate', 10]
Aug 22 20:18:48 pla-social mix[25452]: 20:18:48.746 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate', 10]
Aug 22 20:18:48 pla-social mix[25452]: 20:18:48.963 [info] ['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate', 10]
```
Curl output looks OK from pla.social.
```
pla-social:~$ curl -v https://mastodon.org.uk
* Rebuilt URL to: https://mastodon.org.uk/
*   Trying 89.41.169.53...
* TCP_NODELAY set
* Connected to mastodon.org.uk (89.41.169.53) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=mastodon.org.uk
*  start date: Jun 8 00:00:00 2018 GMT
*  expire date: Jun 8 23:59:59 2019 GMT
*  subjectAltName: host "mastodon.org.uk" matched cert's "mastodon.org.uk"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: mastodon.org.uk
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 23 Aug 2018 00:35:51 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Server: Mastodon
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Location: https://mastodon.org.uk/about
< Vary: Accept-Encoding
< Cache-Control: no-cache
< Set-Cookie: _mastodon_session=%2Fi9oraOBSQ5ljzdzEqZbkB3SEKwonLAhMtBXII4w2m7xoQr%2Fq%2BkNnif4%2BMzx6oPAfZz4ibZdK8KIRU4T4PRV8SeFNH5elg%3D%3D--gFK4IbxECRaT%2Fwrh--AXRuxWfNjmDSJL6Q67ceNQ%3D%3D; path=/; secure; HttpOnly
< X-Request-Id: c68e68c1-fd41-44b9-bde2-31a297d51df4
< X-Runtime: 0.006176
< X-Cached: MISS
<
* Connection #0 to host mastodon.org.uk left intact
```
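
The log entries in the report above are printed as raw Erlang lists: quoted fragments interleaved with integer character codes. As an added example (not part of the original report and not Pleroma's code), this Python helper flattens such an entry back into the readable alert text and pulls out its fields; the function names and the sample line are constructed here.

```python
import re

# Constructed sample: one journal line in the shape shown in the report above.
SAMPLE = ("Aug 22 20:18:47 pla-social mix[25452]: 20:18:47.766 [info] "
          "['TLS', 32, 'client', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, "
          "32, 'certify', 32, 'at ssl_handshake.erl:1316 generated CLIENT "
          "ALERT: Fatal - Bad Certificate', 10]")

# One list element: a single-quoted fragment or an integer character code.
_ELEMENT = re.compile(r"\s*(?:'((?:[^'\\]|\\.)*)'|(\d+))\s*(?:,|$)")
# Logger level tag followed by the bracketed list that runs to end of line.
_PAYLOAD = re.compile(r"\[(\w+)\]\s+(\[.*\])\s*$")
_ALERT = re.compile(r"TLS (client|server): In state (\w+) at (\S+):(\d+) "
                    r"generated (CLIENT|SERVER) ALERT: (\w+) - (.+)")

def flatten_iolist(text):
    """Turn "['TLS', 32, 'client', 58, ...]" into the string it spells."""
    body = text.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("not a bracketed list")
    body, out, pos = body[1:-1], [], 0
    while pos < len(body):
        m = _ELEMENT.match(body, pos)
        if not m:
            raise ValueError(f"unparsable element at offset {pos}")
        if m.group(1) is not None:
            out.append(re.sub(r"\\(.)", r"\1", m.group(1)))  # unescape \' and \\
        else:
            out.append(chr(int(m.group(2))))  # 32 -> " ", 58 -> ":", 10 -> "\n"
        pos = m.end()
    return "".join(out)

def parse_alert(line):
    """Return the decoded TLS alert fields from one log line, or None."""
    payload = _PAYLOAD.search(line)
    if not payload:
        return None
    text = flatten_iolist(payload.group(2)).strip()
    m = _ALERT.match(text)
    if not m:
        return None
    role, state, source, lineno, side, level, desc = m.groups()
    return {"text": text, "role": role, "state": state, "source": source,
            "line": int(lineno), "alert_side": side, "level": level,
            "description": desc}

if __name__ == "__main__":
    print(parse_alert(SAMPLE)["text"])
```

For the sample line the decoded text is `TLS client: In state certify at ssl_handshake.erl:1316 generated CLIENT ALERT: Fatal - Bad Certificate`.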