[Juser] Maddening with SSL certificates
Matthias Wimmer
m at tthias.eu
Tue May 1 12:58:49 CDT 2007
Hi Jonathan!
Jonathan Siegle schrieb:
>>> Thanks for noting that. I couldn't quite understand why it was
>>> telling me that there is a "self signed certificate in certificate
>>> chain". Duh! I'll look at fixing that right now..
The self-signed certificate is the root certificate of startcom. OpenSSL
gives you the "self signed certificate in certificate chain" if it does
not trust the CA.
> I don't believe that we are supposed to send the root certificate which
> I see in the chain when I do
> $ openssl s_client -connect jabber.org:5223
The root certificate is not needed to be transfered, but it is allowed
to do so and it should not hurt. Many servers (not only XMPP/Jabber) do
transfer the root certificate of the certificate chain.
Matthias
--
Matthias Wimmer Fon +49-700 77 00 77 70
Züricher Str. 243 Fax +49-89 95 89 91 56
81476 München http://ma.tthias.eu/
More information about the JUser
mailing list