[Juser] Maddening with SSL certificates

Joe Hildebrand hildjj at gmail.com
Tue May 1 11:03:25 CDT 2007


One way to check this is to perform these steps at the command line:

wget http://cert.startcom.org/ca.crt
openssl s_client -connect jabber.org:5223 -CAfile ca.crt

If you see:
Verify return code: 0 (ok)

at the end, then everything is correct at jabber.org.  One common  
mistake client-side is to not check the entire certificate chain; I  
don't know if that's the issue here.

On May 1, 2007, at 9:45 AM, Peter Saint-Andre wrote:

> Noiano wrote:
>> Hello everybody
>> I beg your pardon for this common and very frequent question. I  
>> have a
>> jabber.org account and I would like to connect via SSL because I  
>> often
>> connect using FON hotspot or university's lan so I fear from stealing
>> password. I always get error of unverified certificate and I really
>> cannot understand why is this happening: I have installed all  
>> startcom
>> root certificate but both kopete and psi complain about the  
>> certificate.
>> What I understood is that the certificate on jabber.org server  
>> doesn't
>> have the whole certificate chain so it is not possible to verify the
>> digital signature. However I can see the signature of jabber  
>> foundation
>> but it has no CA signature...what do I wrong?
>
> I have not tested with Kopete, but I know that Psi has a bug in its  
> certificate handling code, which results in showing an error to the  
> user for the jabber.org server (and probably any server that has  
> received a certificate from the XMPP ICA). It is true that there  
> was a bug in ejabberd (not presenting the entire certificate chain)  
> but we installed a patch on 2007-03-16 and as far as I know the  
> jabber.org server is behaving properly now. The Psi bug is being  
> fixed or perhaps already has been fixed in source control.
>
> Peter
>
> -- 
> Peter Saint-Andre
> XMPP Standards Foundation
> http://www.xmpp.org/xsf/people/stpeter.shtml
>
> _______________________________________________
> This is JUser -- a mailing list for end
> users of Jabber clients.
>
> To unsubscribe, go to the following web
> page, scroll all the way down, and type
> in your email address:
>
> http://mail.jabber.org/mailman/listinfo/juser
> _______________________________________________




More information about the JUser mailing list