Windows Pidgin and Comodo Certs

Bill MacAllister whm at stanford.edu
Tue Sep 1 06:29:07 EDT 2009



--On Monday, August 31, 2009 06:53:34 PM -0700 Paul Aurich <darkrain42 at pidgin.im> wrote:

> And Bill MacAllister spoke on 08/31/2009 06:01 PM, saying:
>> Using Pidgin 2.6.1 on Windows when a new user connects to our Openfire
>> Jabber server Pidgin complains that it cannot find the root
>> certificate for our Comodo certificate.  This does not happen using
>> Pidgin 2.5.5 on ubuntu or for other web applications that use other
>> Comodo certs on the same Windows system.  Is Pidgin on Windows being
>> shipped with a certificate store that doesn't contain the Comodo root?
>>
>> Bill
>
> On Windows (and *nix distributions that do not build using
> --with-system-ssl-certs or do not offer a certificate directory), Pidgin
> uses a limited set of CA certificates shipped with the program, which does
> not currently include a Comodo root.
>
> Could you point out which specific root CA you use (key fingerprint
> ideally, some other uniquely identifying characteristic also works) so that
> we can add it to Pidgin?
>
> ~Paul
>

Just to make sure I got this right, here is the chain that I see.

Certificate chain length: 3
Certificate[1]:
Owner: CN=stanford.edu, OU=Comodo InstantSSL, OU=Issued through Stanford University E-PKI Manager, OU=ITSS, O=Stanford University, STREET=397 Panama Mall, L=Stanford, ST=California, OID.2.5.4.17=94305, C=US
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: 4c14201f4e97281d738b29c49f54d629
Valid from: Wed Aug 19 17:00:00 PDT 2009 until: Sun Aug 19 16:59:59 PDT 2012
Certificate fingerprints:
         MD5:  79:FB:BA:AE:06:F3:7D:69:BF:F9:EC:A8:4B:CA:55:A7
         SHA1: 6E:FA:B9:41:3F:89:12:FE:76:FA:95:EF:DA:C9:A3:6E:D9:35:2D:42
         Signature algorithm name: SHA1withRSA
         Version: 3

Certificate[2]:
Owner: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Serial number: 4286f23d
Valid from: Thu Oct 19 07:39:51 PDT 2006 until: Fri Oct 19 08:09:51 PDT 2012
Certificate fingerprints:
         MD5:  2C:8C:4A:B4:7A:9D:9E:73:09:98:AB:08:E9:8D:D7:B4
         SHA1: E3:9F:E0:6C:48:80:D3:8C:B0:C5:2A:A1:EF:B0:6E:EE:FF:F7:01:DD
         Signature algorithm name: SHA1withRSA
         Version: 3

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 927650371 (0x374ad243)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
        Validity
            Not Before: May 25 16:09:40 1999 GMT
            Not After : May 25 16:39:40 2019 GMT
        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 3 (0x3)
        X509v3 extensions:
            Netscape Cert Type:
                SSL CA, S/MIME CA, Object Signing CA
            X509v3 CRL Distribution Points:
                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
                URI:http://www.entrust.net/CRL/net1.crl

            X509v3 Private Key Usage Period:
                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier:
                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A

            X509v3 Subject Key Identifier:
                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
            X509v3 Basic Constraints:
                CA:TRUE
            1.2.840.113533.7.65.0:
                0
..V4.0....
    Signature Algorithm: sha1WithRSAEncryption


Thanks a lot for your help,

Bill

-- 

Bill MacAllister <whm at stanford.edu>
Systems Software Programmer, ITS Unix Systems, Stanford University
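
Added example, not part of the original message: the first two listings above print distinguished names CN first, while the third prints them C first, so matching issuer to subject by eye is error-prone. This Python code normalizes both styles, checks the issuer-to-owner links, and names the root that a client's CA bundle must contain; the function names are hypothetical, and the check compares names only, it does not verify signatures.

```python
import re

# Constructed sample: Owner/Issuer/Subject lines copied from the listings in the message.
KEYTOOL_CHAIN = """\
Owner: CN=stanford.edu, OU=Comodo InstantSSL, OU=Issued through Stanford University E-PKI Manager, OU=ITSS, O=Stanford University, STREET=397 Panama Mall, L=Stanford, ST=California, OID.2.5.4.17=94305, C=US
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Owner: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
"""
OPENSSL_ROOT = """\
        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
"""

def parse_dn(dn, rfc2253):
    """Return the DN as (attr, value) pairs in encoding order (C first)."""
    parts = re.split(r",\s*(?=[A-Za-z0-9.]+=)", dn.strip())
    rdns = [tuple(s.strip() for s in p.split("=", 1)) for p in parts]
    # The Owner/Issuer listings print CN first; the OpenSSL-style dump prints C first.
    return tuple(reversed(rdns)) if rfc2253 else tuple(rdns)

def keytool_pairs(text):
    """(owner, issuer) for each certificate in an Owner/Issuer listing, leaf first."""
    owners = re.findall(r"^Owner: (.+)$", text, re.M)
    issuers = re.findall(r"^Issuer: (.+)$", text, re.M)
    return [(parse_dn(o, True), parse_dn(i, True)) for o, i in zip(owners, issuers)]

def openssl_pair(text):
    """(subject, issuer) from one OpenSSL-style text dump."""
    subject = re.search(r"^\s*Subject: (.+)$", text, re.M).group(1)
    issuer = re.search(r"^\s*Issuer: (.+)$", text, re.M).group(1)
    return parse_dn(subject, False), parse_dn(issuer, False)

def required_anchor(chain):
    """Check that each issuer names the next owner; return the top issuer DN."""
    for (_, issuer), (next_owner, _) in zip(chain, chain[1:]):
        if issuer != next_owner:
            raise ValueError("chain is out of order or missing an intermediate")
    return chain[-1][1]

def anchor_in_bundle(anchor, bundle):
    """Name-level check only: is a self-signed cert with this subject in the bundle?"""
    return any(subj == anchor and subj == iss for subj, iss in bundle)

if __name__ == "__main__":
    anchor = required_anchor(keytool_pairs(KEYTOOL_CHAIN))
    root = openssl_pair(OPENSSL_ROOT)
    print("root needed:", dict(anchor[-1:]))
    print("in bundle holding only that root:", anchor_in_bundle(anchor, [root]))
```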



