[Juser] Re: Maddening with SSL certificates

Jonathan Siegle jsiegle at psu.edu
Mon May 7 10:47:10 CDT 2007


Noiano said the following on 5/6/07 12:21 PM:
> Matthias Wimmer wrote:
>> Hi Noiano!
>> =20
>> Noiano schrieb:
>>> I followed your instructions and I got the return code 0. Now I wonder=
> 
>>> how to tell kopete that everything is ok with the jabber.org
>>> certificate. I also copied the crt file into /usr/share/ssl-cert/ but
>>> nothing, if I do not specify the -CAfile option I get
>> [...]
>>> What to do?
>> =20
>> Find the correct location where your openssl binary expects the CA
>> certificates to be. /usr/share/ssl-cert/ seems more likely to be a
>> location where your system may have installed local certificates but no=
> 
>> CA certificates.
>> =20
>> =20
>> Tot kijk
>>     Matthias
> 
> I did copy this certificate http://cert.startcom.org/ca.crt under
> /etc/ssl/certs and I made a c_rehash but I always get the same error
> both using kopete/psi and using openssl.
>

Try doing:
$ openssl version -d
OPENSSLDIR: "/usr/lib/ssl"
$ ls -lt /usr/lib/ssl
total 8
lrwxrwxrwx 1 root root   14 2007-03-19 08:56 certs -> /etc/ssl/certs
drwxr-xr-x 2 root root 4096 2007-03-19 08:56 misc
lrwxrwxrwx 1 root root   20 2007-03-19 08:56 openssl.cnf -> 
/etc/ssl/openssl.cnf
lrwxrwxrwx 1 root root   16 2007-03-19 08:56 private -> /etc/ssl/private
drwxr-xr-x 2 root root 4096 2007-03-16 13:27 engines

Look at where certs points. If it is pointing to /etc/ssl/certs, verify 
that the hash was made for the certificate. If no hash was made, look 
for problems with that.

-Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3319 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070507/33df5bad/attachment-0001.bin>


More information about the JUser mailing list