Client connect to MR server over HTTPS not work.

[SamdyPrum]

Dear all,

I got the problem that client connect to MR server with HTTPS not working and got error:
Download error -1202: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “munkireport.com” which could put your confidential information at risk. SSL error detail: (-9807, 'Invalid certificate chain')

Anyone help me please
Thank you!

[tuxudo]

This is an issue with your certificates. MunkiReport and Safari use the same certificate backend. Because of this, you can use Safari to troubleshoot MunkiReport certificate problems by trying to load the MunkiReport dashboard in Safari. My guess is that the certificate that is being used by the MR server doesn't have the correct URL within it. Safari can tell you more about why exactly it is failing

[jby]

Are you perhaps, like me, having a "MiTM" proxy for SSL decryption in the chain?
If so, you need to add the certificate of the proxy to the chain on the server.
And, like John is saying, try it in a browser or with curl -vvI URL or with openssl s_client -connect URL:443 if all of those work MR should work as well...

[SamdyPrum]

Thank you @tuxudo and @jby
The problem is server certificate is invalid we have generated a certificate for the server that expired validated to long it make Safari think that the certificate is certificate is not standards compliant for other browser is working fine with certificate.

[tuxudo]

You will have to create the certificate in such a way that it is valid in Safari. It is not possible to change how macOS/Safari see the certificate as valid or not, this is done by design by Apple and it cannot be changed.