Solved: [jadmin] Jabberd2 and SSL CAChain

Bernd Holzmüller tigger at tiggerswelt.net
Wed Apr 5 13:14:44 CDT 2006


Hi everyone,

as I already mentioned: I'm not experienced with OpenSSL.
So if I screw things up and made everything go wrong, don't be angry with 
me ;)

I just wanted to inform the list here that I solved my issue by patching the 
jabberd2-source. All I did was make jabberd2 load the cachain _before_ it 
loads the certificate and its private key in sx/ssl.c (function sx_ssl_init)

I'm too lazy now to generate a patchfile or post any code-snippets here but if 
anyone is interested in my solution I will try to help.

Maybe someone can forward this to the jabberd2-devel-list.


Bernd

Bernd Holzmüller wrote:
> Thanks for your reply, Robert.
>
> Robert Muchnick wrote:
> > Apache is very, VERY, forgiving of this aspect of OpenSSL. Jabberd2 may
> > not be and may require the concatenation of the public and private keys
> > into one file in order to recognize the security of the connection.
>
> That is totally right.
> Apache needs separate files with public key, private key and cachain.
> Jabberd2 needs one PEM-file (containing public and private key) and one
> file containing the cachain.
>
> When you take apache's public and private key and put it together in one
> file (e.g. cat pub.key > cert.pem; cat priv.key >> cert.pem) this works
> also for jabber - in fact this is the way how I do it.
>
> But whenever I try to use the additional cachain it fails.
>
> I think I am missing something else.
> Maybe the private key has to be appended to the cachain? (Don't believe
> this either)
>
> > I have had similar issues myself with perfectly recognized certificates
> > in Apache, using officially signed public certs which jabberd refuses to
> > recognize.
>
> Thank god, I'm not alone out there :)
>
>
> Bernd
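
A structural lint for the two-file layout discussed in this thread (one PEM file holding certificate and private key, plus a separate cachain file), as an added example that is not part of the original messages or of the jabberd2 source. It inspects PEM labels only and performs no cryptographic validation; the function names and the sample blocks are constructed for illustration.

```python
import re

# PEM boundaries must start their own line (RFC 7468 textual encoding).
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.M | re.S)

def pem_labels(text):
    """Labels of all well-formed PEM blocks, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def is_key(label):
    return label.endswith("PRIVATE KEY")

def lint_layout(pemfile, cachain):
    """Structural check only: pemfile = cert + key, cachain = CA certs."""
    problems = []
    pem, chain = pem_labels(pemfile), pem_labels(cachain)
    if "CERTIFICATE" not in pem:
        problems.append("pemfile: no certificate")
    keys = sum(is_key(l) for l in pem)
    if keys != 1:
        problems.append(f"pemfile: expected 1 private key, found {keys}")
    if not chain:
        problems.append("cachain: no certificates")
    if any(is_key(l) for l in chain):
        problems.append("cachain: contains a private key")
    for name, text in (("pemfile", pemfile), ("cachain", cachain)):
        # A BEGIN marker that is not a parsed block means a fused or
        # truncated block, e.g. files joined without a final newline.
        if text.count("-----BEGIN ") != len(pem_labels(text)):
            problems.append(f"{name}: malformed PEM block")
    return problems

def block(label, body="Q09OU1RSVUNURUQ="):
    """Constructed placeholder block; the body is not a real cert or key."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

CERT, KEY = block("CERTIFICATE"), block("RSA PRIVATE KEY")
GOOD_PEM = CERT + KEY                # cat pub.key > cert.pem; cat priv.key >> cert.pem
GOOD_CHAIN = CERT + CERT             # constructed: intermediate + root
FUSED_PEM = CERT.rstrip("\n") + KEY  # first file lacked a trailing newline

if __name__ == "__main__":
    for pem, chain in ((GOOD_PEM, GOOD_CHAIN), (FUSED_PEM, GOOD_CHAIN),
                       (GOOD_PEM, GOOD_CHAIN + KEY)):
        print(lint_layout(pem, chain) or "ok")
```
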


