[Juser] Re: Maddening with SSL certificates

Jonathan Siegle jsiegle at psu.edu
Mon May 14 06:17:46 CDT 2007

Noiano said the following on 5/12/07 5:06 AM:
> Jonathan Siegle wrote:
>> Thanks for your patience too. Turns out that openssl s_client does not
>> have a default CApath. I don't see an environment variable you can set
>> either. There are variables you can set for openssl verify, but that is=
>> not the issue. So for openssl s_client , you must type:
>> =20
>> $ openssl s_client -connect jabber.org:5223 -CApath /etc/ssl/certs/
>> =20
> This command does work ok...I get the 0 code which means ok! But what
> about the im clients? If i do not specify the -CApath parameter I still
> get the error...
No default CApath for s_client is why you would see this when you don't 
specify the variable on the command line.

> Any Ideas?

With PSI, I get "The hostname does not match the one the certificate was 
issued to". Is this what you are seeing? Do a google search on that 
string to see the conversation. It sounds like we need a new certificate 
on here because the CN is off because clients are seeing this.


> Thanks
> ------------------------------------------------------------------------
> _______________________________________________
> This is JUser -- a mailing list for end
> users of Jabber clients.
> To unsubscribe, go to the following web 
> page, scroll all the way down, and type 
> in your email address:
> http://mail.jabber.org/mailman/listinfo/juser
> _______________________________________________

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3319 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/juser/attachments/20070514/b6c31751/attachment-0001.bin>

More information about the JUser mailing list