[Operators] IM client report for beta.kontalk.net

Daniele Ricci daniele.athome at gmail.com
Wed Oct 28 12:56:30 UTC 2015


Thanks Matthias,
my certificate expires relatively soon so I had to renew it anyway.
I'll use a new key and try again.


On Wed, Oct 28, 2015 at 1:00 PM,  <operators-request at xmpp.org> wrote:
> Hi,
>
> On Tue, 27 Oct 2015, Daniele Ricci wrote:
>
>> Hello list,
>> I've been having issues with the certification tool at xmpp.net with my server.
>> The reported error is: "Connection failed".
>>
>> I use CACert and I'm pretty sure I have a correct certificate chain (have I?):
>> http://pastebin.com/pVu2EUjP
>>
>> IIRC CACert certificates are accepted by this tool, right?
>
> when I try that with the new openssl-1.1.0-dev I get the following error:
>
> CONNECTED(00000003)
> depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support at cacert.org
> verify return:1
> depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
> verify return:1
> depth=0 CN = beta.kontalk.net
> verify return:1
> 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too weak:s3_clnt.c:1365:
>
> Maybe openssl is not very happy with the md5 signature of the CAcert root
> certificate, but I don't know what xmpp.net is actually using.
>
> Matthias




-- 
Daniele


More information about the Operators mailing list