[Pidgin] #16625: error due to self signed certificate prevents login

Pidgin trac at pidgin.im
Fri Apr 10 05:20:52 EDT 2015

#16625: error due to self signed certificate prevents login
 Reporter:  AnonymerGrizzley         |       Owner:  EionRobb
     Type:  defect                   |      Status:  new
Milestone:                           |   Component:  unclassified
  Version:  2.10.11                  |  Resolution:
 Keywords:  SSL, self signed, error  |

Comment (by AnonymerGrizzley):

 I attached two certificates: the openssl_* was generated using the openssl
  openssl req -new -x509 -days 365 -nodes -out "mytest.ddns.net.crt"
 -newkey rsa:2048 -keyout "mytest.ddns.net.key"

 the second one named prosody_* was generated using prosodys built in
  prosodyctl cert generate mytest.ddns.net

 I mixed those two up at one point and will shortly update the extensions
 to the ones fitting the logfile, sorry about that.[[BR]]

 To make it clear: The '''prosody''' generated cert has the following

 X509v3 extensions:
      X509v3 Extended Key Usage:
          TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 Key Usage:
          Digital Signature, Key Encipherment
      X509v3 Basic Constraints:

 And is resulting in these errors (one additional):
 (11:17:46) nss: CERT 1. E=unknown at localhost,CN=mytest.ddns.net,OU=XMPP
 Department,O=Your Organisation,L=The Internet,C=AT [Certificate
 (11:17:46) nss:   ERROR -8156: SEC_ERROR_CA_CERT_INVALID
 (11:17:46) nss:   ERROR -8102: SEC_ERROR_INADEQUATE_KEY_USAGE
 (11:17:46) nss:   ERROR -8172: SEC_ERROR_UNTRUSTED_ISSUER
 (11:17:46) certificate: Failed to verify certificate for mytest.ddns.net

Ticket URL: <https://developer.pidgin.im/ticket/16625#comment:7>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list