[Operators] IM client report for beta.kontalk.net

Daniele Ricci daniele.athome at gmail.com
Wed Oct 28 13:00:15 UTC 2015


I'm sorry you're right, you were referring to the CACert root
certificate, so no immediate solution here. I guess I'll have to
change CA?
Let's wait for what the xmpp.net admin has to say.

On Wed, Oct 28, 2015 at 1:56 PM, Daniele Ricci <daniele.athome at gmail.com> wrote:
> Thanks Matthias,
> my certificate expires relatively soon so I had to renew it anyway.
> I'll use a new key and try again.
>
>
> On Wed, Oct 28, 2015 at 1:00 PM,  <operators-request at xmpp.org> wrote:
>> Hi,
>>
>> On Tue, 27 Oct 2015, Daniele Ricci wrote:
>>
>>> Hello list,
>>> I've been having issues with the certification tool at xmpp.net with my server.
>>> The reported error is: "Connection failed".
>>>
>>> I use CACert and I'm pretty sure I have a correct certificate chain (have I?):
>>> http://pastebin.com/pVu2EUjP
>>>
>>> IIRC CACert certificates are accepted by this tool, right?
>>
>> when I try that with the new openssl-1.1.0-dev I get the following error:
>>
>> CONNECTED(00000003)
>> depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing Authority, emailAddress = support at cacert.org
>> verify return:1
>> depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
>> verify return:1
>> depth=0 CN = beta.kontalk.net
>> verify return:1
>> 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too weak:s3_clnt.c:1365:
>>
>> Maybe openssl is not very happy with the md5 signature of the CAcert root
>> certificate, but I don't know what xmpp.net is actually using.
>>
>> Matthias
>
>
>
>
> --
> Daniele



-- 
Daniele


More information about the Operators mailing list