[Juser] Re: Maddening with SSL certificates

Jonathan Siegle jsiegle at psu.edu
Wed May 2 11:30:21 CDT 2007


Noiano said the following on 5/1/07 3:07 PM:
> Joe Hildebrand wrote:
>> One way to check this is to perform these steps at the command line:
>>
>> wget http://cert.startcom.org/ca.crt
>> openssl s_client -connect jabber.org:5223 -CAfile ca.crt
>>
>> If you see:
>> Verify return code: 0 (ok)
>>
>> at the end, then everything is correct at jabber.org.  One common
>> mistake client-side is to not check the entire certificate chain; I
>> don't know if that's the issue here.
>>
> 
> I followed your instructions and I got the return code 0. Now I wonder
> how to tell kopete that everything is ok with the jabber.org
> certificate. I also copied the crt file into /usr/share/ssl-cert/ but
> nothing, if I do not specify the -CAfile option I get
> 
>>     Protocol  : TLSv1
>>     Cipher    : AES256-SHA
>>     Session-ID: 734D76F971FC52EF386E7A11BCF0F31B1197E14D874BA72941329BDC0819320D
>>     Session-ID-ctx:
>>     Master-Key: F9BE2DA57AB8CA88FF40C10EFD66C3B0F41F9BD0571765D02BFA4AB5C50983E8B0277E0CAAC6F473E90C82DFB37D4FA2
>>     Key-Arg   : None
>>     Start Time: 1178046322
>>     Timeout   : 300 (sec)
>>     Verify return code: 19 (self signed certificate in certificate chain)
> 
> What to do?
> 

Try running c_rehash on that directory.

-Jonathan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3357 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070502/3ab2c1ab/attachment-0001.bin>


More information about the JUser mailing list