[Juser] Re: Maddening with SSL certificates
Jonathan Siegle
jsiegle at psu.edu
Wed May 2 11:30:21 CDT 2007
Noiano said the following on 5/1/07 3:07 PM:
> Joe Hildebrand wrote:
>> One way to check this is to perform these steps at the command line:
>>
>> wget http://cert.startcom.org/ca.crt
>> openssl s_client -connect jabber.org:5223 -CAfile ca.crt
>>
>> If you see:
>> Verify return code: 0 (ok)
>>
>> at the end, then everything is correct at jabber.org. One common
>> mistake client-side is to not check the entire certificate chain; I
>> don't know if that's the issue here.
>>
>
> I followed your instructions and I got the return code 0. Now I wonder
> how to tell kopete that everything is ok with the jabber.org
> certificate. I also copied the crt file into /usr/share/ssl-cert/ but
> nothing, if I do not specify the -CAfile option I get
>
>> Protocol : TLSv1
>> Cipher : AES256-SHA
>> Session-ID: 734D76F971FC52EF386E7A11BCF0F31B1197E14D874BA72941329BDC0819320D
>> Session-ID-ctx:
>> Master-Key: F9BE2DA57AB8CA88FF40C10EFD66C3B0F41F9BD0571765D02BFA4AB5C50983E8B0277E0CAAC6F473E90C82DFB37D4FA2
>> Key-Arg : None
>> Start Time: 1178046322
>> Timeout : 300 (sec)
>> Verify return code: 19 (self signed certificate in certificate chain)
>
> What to do?
>
Try running c_rehash on that directory.
-Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3357 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070502/3ab2c1ab/attachment-0001.bin>
More information about the JUser
mailing list