[Pidgin] #16625: error due to self signed certificate prevents login
Pidgin
trac at pidgin.im
Fri Apr 10 05:20:52 EDT 2015
#16625: error due to self signed certificate prevents login
-------------------------------------+---------------------------
Reporter: AnonymerGrizzley | Owner: EionRobb
Type: defect | Status: new
Milestone: | Component: unclassified
Version: 2.10.11 | Resolution:
Keywords: SSL, self signed, error |
-------------------------------------+---------------------------
Comment (by AnonymerGrizzley):
I attached two certificates: the openssl_* was generated using the openssl
command
{{{
openssl req -new -x509 -days 365 -nodes -out "mytest.ddns.net.crt"
-newkey rsa:2048 -keyout "mytest.ddns.net.key"
}}}
the second one named prosody_* was generated using prosodys built in
command
{{{
prosodyctl cert generate mytest.ddns.net
}}}
I mixed those two up at one point and will shortly update the extensions
to the ones fitting the logfile, sorry about that.[[BR]]
To make it clear: The '''prosody''' generated cert has the following
extensions:
{{{
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
}}}
And is resulting in these errors (one additional):
{{{
(11:17:46) nss: CERT 1. E=unknown at localhost,CN=mytest.ddns.net,OU=XMPP
Department,O=Your Organisation,L=The Internet,C=AT [Certificate
Authority]:
(11:17:46) nss: ERROR -8156: SEC_ERROR_CA_CERT_INVALID
(11:17:46) nss: ERROR -8102: SEC_ERROR_INADEQUATE_KEY_USAGE
(11:17:46) nss: ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
(11:17:46) certificate: Failed to verify certificate for mytest.ddns.net
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/16625#comment:7>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list