[Juser] Maddening with SSL certificates

Matthias Wimmer m at tthias.eu
Tue May 1 12:58:49 CDT 2007


Hi Jonathan!


Jonathan Siegle schrieb:
>>>     Thanks for noting that. I couldn't quite understand why it was
>>> telling me that there is a "self signed certificate in certificate
>>> chain". Duh! I'll look at fixing that right now..

The self-signed certificate is the root certificate of startcom. OpenSSL
gives you the "self signed certificate in certificate chain" if it does
not trust the CA.

> I don't believe that we are supposed to send the root certificate which
> I see in the chain when I do
> $ openssl s_client -connect jabber.org:5223

The root certificate is not needed to be transfered, but it is allowed
to do so and it should not hurt. Many servers (not only XMPP/Jabber) do
transfer the root certificate of the certificate chain.


Matthias

-- 
Matthias Wimmer      Fon +49-700 77 00 77 70
Züricher Str. 243    Fax +49-89 95 89 91 56
81476 München        http://ma.tthias.eu/




More information about the JUser mailing list