[Juser] Re: Maddening with SSL certificates

Tuomas Santakallio tuomas.santakallio at gmail.com
Wed May 9 08:23:07 CDT 2007


Only the SSL seems not to work out too well (well it IS in Java so no
problemos)



On 09/05/07, Jonathan Siegle <jsiegle at psu.edu> wrote:
>
> Noiano said the following on 5/8/07 5:54 PM:
> >  > Try doing:
> >> $ openssl version -d
> >> OPENSSLDIR: "/usr/lib/ssl"
> >> $ ls -lt /usr/lib/ssl
> >> total 8
> >> lrwxrwxrwx 1 root root   14 2007-03-19 08:56 certs -> /etc/ssl/certs
> >> drwxr-xr-x 2 root root 4096 2007-03-19 08:56 misc
> >> lrwxrwxrwx 1 root root   20 2007-03-19 08:56 openssl.cnf ->
> >> /etc/ssl/openssl.cnf
> >> lrwxrwxrwx 1 root root   16 2007-03-19 08:56 private ->
> /etc/ssl/private
> >> drwxr-xr-x 2 root root 4096 2007-03-16 13:27 engines
> >>
> >> Look at where certs points. If it is pointing to /etc/ssl/certs, verify
> >> that the hash was made for the certificate. If no hash was made, look
> >> for problems with that.
> >>
> >> -Jonathan
> >>
> > The certificate is correctly hashed as long as I can see
> >> Starcom.pem => cb796bc1.0
> >
> > But I still get the error
> >
> >> Verify return code: 19 (self signed certificate in certificate chain)
> >
> > Need some more help please!
> >
> > Thanks for your patience!
> >
>
> Thanks for your patience too. Turns out that openssl s_client does not
> have a default CApath. I don't see an environment variable you can set
> either. There are variables you can set for openssl verify, but that is
> not the issue. So for openssl s_client , you must type:
>
> $ openssl s_client -connect jabber.org:5223 -CApath /etc/ssl/certs/
>
>
>
>
>
> _______________________________________________
> This is JUser -- a mailing list for end
> users of Jabber clients.
>
> To unsubscribe, go to the following web
> page, scroll all the way down, and type
> in your email address:
>
> http://mail.jabber.org/mailman/listinfo/juser
> _______________________________________________
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070509/a670a792/attachment-0003.htm>


More information about the JUser mailing list