[Juser] Re: Maddening with SSL certificates
Noiano
noiano at x-privat.org
Tue May 1 14:07:14 CDT 2007
Joe Hildebrand wrote:
> One way to check this is to perform these steps at the command line:
>
> wget http://cert.startcom.org/ca.crt
> openssl s_client -connect jabber.org:5223 -CAfile ca.crt
>
> If you see:
> Verify return code: 0 (ok)
>
> at the end, then everything is correct at jabber.org. One common
> mistake client-side is to not check the entire certificate chain; I
> don't know if that's the issue here.
>
I followed your instructions and I got the return code 0. Now I wonder
how to tell kopete that everything is ok with the jabber.org
certificate. I also copied the crt file into /usr/share/ssl-cert/ but
nothing, if I do not specify the -CAfile option I get
> Protocol : TLSv1
> Cipher : AES256-SHA
> Session-ID: 734D76F971FC52EF386E7A11BCF0F31B1197E14D874BA72941329BDC0819320D
> Session-ID-ctx:
> Master-Key: F9BE2DA57AB8CA88FF40C10EFD66C3B0F41F9BD0571765D02BFA4AB5C50983E8B0277E0CAAC6F473E90C82DFB37D4FA2
> Key-Arg : None
> Start Time: 1178046322
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
What to do?
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://mail.jabber.org/pipermail/juser/attachments/20070501/f8c9794c/signature.pgp
More information about the JUser
mailing list