[Juser] Re: Maddening with SSL certificates

Noiano noiano at x-privat.org
Tue May 1 14:07:14 CDT 2007


Joe Hildebrand wrote:
> One way to check this is to perform these steps at the command line:
> 
> wget http://cert.startcom.org/ca.crt
> openssl s_client -connect jabber.org:5223 -CAfile ca.crt
> 
> If you see:
> Verify return code: 0 (ok)
> 
> at the end, then everything is correct at jabber.org.  One common
> mistake client-side is to not check the entire certificate chain; I
> don't know if that's the issue here.
> 

I followed your instructions and I got the return code 0. Now I wonder
how to tell kopete that everything is ok with the jabber.org
certificate. I also copied the crt file into /usr/share/ssl-cert/ but
nothing, if I do not specify the -CAfile option I get

>     Protocol  : TLSv1
>     Cipher    : AES256-SHA
>     Session-ID: 734D76F971FC52EF386E7A11BCF0F31B1197E14D874BA72941329BDC0819320D
>     Session-ID-ctx:
>     Master-Key: F9BE2DA57AB8CA88FF40C10EFD66C3B0F41F9BD0571765D02BFA4AB5C50983E8B0277E0CAAC6F473E90C82DFB37D4FA2
>     Key-Arg   : None
>     Start Time: 1178046322
>     Timeout   : 300 (sec)
>     Verify return code: 19 (self signed certificate in certificate chain)

What to do?

Thanks

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070501/f8c9794c/attachment-0001.pgp>


More information about the JUser mailing list