Jami clients won't connect to JAMS
Hi!
I'm trying to set up my "local"-only messaging using JAMS and Jami clients. I want to self-host everything, so I installed JAMS inside a rootless container using podman, set up an nginx reverse proxy, made a self-signed CA and certificates for TLS, set up DNS resolution for my made-up TLD, and installed my root CA certificate on the client devices.
I assume everything went OK: when I load the web page (the JAMS web interface) everything loads without an error, and there is a 'lock' icon in the browser's address bar (both on a Linux PC and an Android phone).
In the JAMS wizard I set a local database and the correct domain. Then I created a few users. I can log in to the JAMS web interface with those logins.
Problem: every time I try to connect from Jami clients I get "Can't find account. Account couldn't be found on the Jami network. Make sure it was exported on Jami from an existing device, and that provided credentials are correct".
Capturing traffic on different machines shows that the Jami client resolves my JAMS domain name ("jams.lan") and tries to connect using TLS ("Client hello"), the server responds ("Server hello"), then they send each other just a few more encrypted packets, and then I see that "Can't find account" message in the Jami client.
I suspect that Jami clients actually don't trust my self-signed TLS certificate. I created a fullchain + key bundle (cat server.crt rootca.crt server.key > server.pem) from the certificates that already work well on my nginx reverse proxy. Then I used mitmproxy:
$ mitmdump -p 9922 --certs server.pem -w dump.log -m reverse:http://127.0.0.1:9900
and here is the log (I'm using "jams.lan:9922" as the management server URL in the Jami clients):
192.168.1.3:41378: client connect
192.168.1.3:41378: server connect 127.0.0.1:9900
192.168.1.3:41378: Client TLS handshake failed. The client does not trust the proxy's certificate for jams.lan (tlsv1 alert unknown ca)
192.168.1.3:41378: client disconnect
192.168.1.3:41378: server disconnect 127.0.0.1:9900
and nothing was written to dump.log, so nothing was sent back to the actual JAMS server (which listens on port 9900). If I try to open this address (jams.lan:9922) in a browser, then again everything is fine: I get the 'lock' icon in the address bar, and dump.log has some data.
Please make Jami clients trust user-installed certificates.
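
Added example, not part of the original post: a TLS client sends the "unknown ca" alert seen in the mitmdump log when the server's chain does not end in a root from the trust store that client consults. The script below reproduces that difference offline with a constructed throwaway CA and a leaf for jams.lan, verified once against a store that contains the root and once against one that lacks it. File names mirror the post; make_pki, new_root, trusts and why_rejected are hypothetical helpers, and which store a given client actually uses is an assumption the page does not settle.

```shell
#!/bin/sh
# Added example. All keys and certificates are constructed throwaway material;
# file names mirror the post, the helper names are hypothetical.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

new_root() {  # $1 = file prefix, $2 = CN; writes a self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_pki() {
    new_root rootca "Constructed Private Root"    # the root the user installed
    new_root other  "Constructed Unrelated Root"  # stands in for a store without it
    openssl req -newkey rsa:2048 -nodes -subj "/CN=jams.lan" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:jams.lan\n' > "$WORK/san.cnf"
    openssl x509 -req -in "$WORK/server.csr" -days 1 \
        -CA "$WORK/rootca.crt" -CAkey "$WORK/rootca.key" -CAcreateserial \
        -extfile "$WORK/san.cnf" -out "$WORK/server.crt" 2>/dev/null
}

# Succeeds only if the certificate in $2 chains to a root in the bundle $1.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints OpenSSL's stated reason for rejecting $2 against the bundle $1.
why_rejected() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep 'error' || true
}

make_pki
if trusts "$WORK/rootca.crt" "$WORK/server.crt"; then
    echo "store containing the private root: chain verifies"
fi
if ! trusts "$WORK/other.crt" "$WORK/server.crt"; then
    echo "store without the private root: rejected"
    why_rejected "$WORK/other.crt" "$WORK/server.crt"
fi
```

Pointing the -CAfile argument of trusts at the CA bundle a particular application ships or is configured with, and at the real server.crt, shows whether that application's store can validate the chain independently of the operating system's store.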