[jadmin] SASL-Auth to jabber.org

Jonathan Siegle jsiegle at psu.edu
Wed Apr 26 05:58:25 CDT 2006

Philipp Hancke said the following on 4/26/06 1:49 AM:
> Matthias Wimmer schrieb:
>> Hi!
>> Is anyone able to establish an SASL-authed s2s link to jabber.org? I 
>> always get (jabber.org): TLS verification failed: unable to verify the 
>> first certificate.
> Error code 21?
> You need to install the Comodo Class 3 Certificate...
> http://www.instantssl.com/ssl-certificate-support/cert_installation/ComodoSecurityServicesCA2018.crt 
> That changes the error code to 27, which is a problem with the
> certificate, not yours. The problems seems to be that Comodo marks
> 'Key Usage' as critical and the cert is not used for an 'allowed'
> purpose.

  X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment
             X509v3 Basic Constraints: critical
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client 

I wonder what we should have requested in here.

> Using a cacert certificate would help, they dont set 'Key Usage' to
> critial :-)

Is this bad?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3252 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jadmin/attachments/20060426/193a9a1f/attachment-0001.bin>

More information about the JAdmin mailing list