[jadmin] issues install startcom ICA cert on jabberd2
Peter Saint-Andre
stpeter at jabber.org
Mon Dec 11 13:55:39 CST 2006
Norman Rasmussen wrote:
> so, i got a startcom cert, *yay* it's better than the private CA
> signed one I had before *yay*. Psi-0.9 complains that the names don't
> match :-( Psi-dev matches, but still complains about cert chain.
I haven't tested that. Does psi-dev include the ICA cert?
> Firefox complains about cert chain, try https://darkskies.za.net:5223/
You need to import the ICA cert into Firefox if you want the complete
trust chain in your browser. Firefox 2 includes the StartCom root cert
but not the ICA cert.
> my c2s.xml:
>
> <pemfile>/etc/ssl/certs/xmppd.pem</pemfile> (this contains: `openssl
> x509 -in xmppd.crt -text` + xmppd.key)
>
> and:
>
> <cachain>/etc/ssl/startcom-sub.class1.xmpp.ca.crt</cachain>
>
> I couldn't figure out how to get startcom-ca.crt and
> startcom-sub.class1.xmpp.ca.crt into one file :-( any tips?
You don't do that. Well, at least in ejabberd you don't. Instead, you
include both the root cert and the ICA cert separately (plus your domain
cert issued by the ICA). Not sure how PEM files work, though, maybe they
concatenate the root cert and ICA cert?
Peter
--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/jadmin/attachments/20061211/47d778e8/smime-0004.bin
More information about the JAdmin
mailing list