[Pidgin] #16625: error due to self signed certificate prevents login

Pidgin trac at pidgin.im
Fri Apr 10 05:20:52 EDT 2015


#16625: error due to self signed certificate prevents login
-------------------------------------+---------------------------
 Reporter:  AnonymerGrizzley         |       Owner:  EionRobb
     Type:  defect                   |      Status:  new
Milestone:                           |   Component:  unclassified
  Version:  2.10.11                  |  Resolution:
 Keywords:  SSL, self signed, error  |
-------------------------------------+---------------------------

Comment (by AnonymerGrizzley):

 I attached two certificates: the openssl_* was generated using the openssl
 command
 {{{
  openssl req -new -x509 -days 365 -nodes -out "mytest.ddns.net.crt"
 -newkey rsa:2048 -keyout "mytest.ddns.net.key"
 }}}

 the second one named prosody_* was generated using prosodys built in
 command
 {{{
  prosodyctl cert generate mytest.ddns.net
 }}}

 I mixed those two up at one point and will shortly update the extensions
 to the ones fitting the logfile, sorry about that.[[BR]]

 To make it clear: The '''prosody''' generated cert has the following
 extensions:

 {{{
 X509v3 extensions:
      X509v3 Extended Key Usage:
          TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 Key Usage:
          Digital Signature, Key Encipherment
      X509v3 Basic Constraints:
          CA:FALSE
 }}}



 And is resulting in these errors (one additional):
 {{{
 (11:17:46) nss: CERT 1. E=unknown at localhost,CN=mytest.ddns.net,OU=XMPP
 Department,O=Your Organisation,L=The Internet,C=AT [Certificate
 Authority]:
 (11:17:46) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
 (11:17:46) nss:   ERROR -8102: SEC_ERROR_INADEQUATE_KEY_USAGE
 (11:17:46) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
 (11:17:46) certificate: Failed to verify certificate for mytest.ddns.net
 }}}

--
Ticket URL: <https://developer.pidgin.im/ticket/16625#comment:7>
Pidgin <https://pidgin.im>
Pidgin


More information about the Tracker mailing list