Re: STARTTLS connection on jabberd2

2015-02-26 Thread Tomasz Sterna
On 2015-02-26, Thu at 12:00 +0100, Matěj Cepl writes:
> https://bugzilla.redhat.com/show_bug.cgi?id=1179229. What do you think
> about my comment 3 and the attached patch?

I have no idea.
My knowledge of TLS is close to vague.


-- 
 /o__ Q: What do monsters eat?
(_^' A: Things.





Re: STARTTLS connection on jabberd2

2015-02-26 Thread Tomasz Sterna
On 2015-02-26, Thu at 01:09 +0100, Matěj Cepl writes:
> pemfile=/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt

.crt suggests that this is certificate only.
You need a .pem with full chain of all certificates from the CA, to your
certificate (if not present in global ca-certificates) and a private
key, concatenated together in one file.



-- 
 /o__  Talking about a piece of movie dialogue: Let's have some new
(_^'  cliches. -Samuel Goldwyn
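As an added example (not from this thread, not jabberd2's own tooling): a small POSIX shell helper that assembles the pemfile in the order just described, leaf certificate first, then the intermediate CA certificate(s), then the unencrypted private key, and then checks the result so that a certificate-only .crt like the one quoted above is caught before jabberd2 is restarted. All file names are hypothetical, the PEM blocks written by make_sample are constructed placeholders rather than real key material, and the two openssl-based checks assume openssl is installed (-xmpphost needs OpenSSL 1.1.0 or newer).

```shell
#!/bin/sh
# Added example, not part of the thread: build the combined PEM file that
# jabberd2's pemfile setting expects and sanity-check its contents.
# All paths are hypothetical.

# build_pemfile LEAF CHAIN KEY OUT
# Concatenate the server (leaf) certificate, the intermediate CA
# certificate(s) in chain order, and the private key into OUT.
# The umask keeps the file (which now contains the key) owner-readable only.
build_pemfile() {
    leaf=$1; chain=$2; key=$3; out=$4
    (umask 077 && cat "$leaf" "$chain" "$key" > "$out")
}

# check_pemfile FILE
# Returns 0 when FILE holds at least one certificate and exactly one private
# key, with a certificate (the leaf) first; otherwise prints why and returns 1.
check_pemfile() {
    f=$1
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    # grep -c exits 1 on zero matches, so guard it for callers running set -e
    certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -E -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" || true)
    first=$(grep -- '-----BEGIN ' "$f" | head -n 1 || true)
    if [ "$certs" -eq 0 ]; then
        echo "$f: no certificate found" >&2; return 1
    fi
    if [ "$keys" -ne 1 ]; then
        echo "$f: expected exactly one private key, found $keys" >&2; return 1
    fi
    case $first in
        '-----BEGIN CERTIFICATE-----') ;;
        *) echo "$f: leaf certificate must come first (found: $first)" >&2; return 1 ;;
    esac
    echo "$f: $certs certificate(s) + 1 private key, certificate first: OK"
    return 0
}

# key_matches_cert FILE
# Confirms, via openssl, that the private key in FILE belongs to the first
# certificate in FILE by comparing the public keys each of them yields.
# Returns 2 when openssl is unavailable.
key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 2; }
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$a" = "$b" ]
}

# probe_starttls HOST DOMAIN
# Looks at the c2s port from outside: does it offer STARTTLS, and which chain
# does it send? Needs network access; -xmpphost requires OpenSSL 1.1.0+.
probe_starttls() {
    openssl s_client -connect "$1:5222" -starttls xmpp -xmpphost "$2" -showcerts </dev/null
}

# make_sample DIR
# Writes constructed placeholder PEM blocks (not real certificates or keys)
# so the structural checks can be exercised offline.
make_sample() {
    printf -- '-----BEGIN CERTIFICATE-----\nLEAF-PLACEHOLDER\n-----END CERTIFICATE-----\n' > "$1/leaf.crt"
    printf -- '-----BEGIN CERTIFICATE-----\nINTERMEDIATE-PLACEHOLDER\n-----END CERTIFICATE-----\n' > "$1/intermediate.crt"
    printf -- '-----BEGIN PRIVATE KEY-----\nKEY-PLACEHOLDER\n-----END PRIVATE KEY-----\n' > "$1/server.key"
}

# Run with "demo" as the first argument to see the checks on the placeholders.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_sample "$d"
    build_pemfile "$d/leaf.crt" "$d/intermediate.crt" "$d/server.key" "$d/combined.pem"
    check_pemfile "$d/combined.pem"
    check_pemfile "$d/leaf.crt" || echo "(as expected: a bare .crt is rejected)"
    rm -rf "$d"
fi
```

On a real deployment, run check_pemfile and then key_matches_cert on the file named in pemfile before restarting c2s; probe_starttls against the public host name then shows whether the server now advertises STARTTLS and serves the full chain.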





Re: STARTTLS connection on jabberd2

2015-02-26 Thread Matěj Cepl
On 26/02/15 11:23, Tomasz Sterna wrote:
> On 2015-02-26, Thu at 01:09 +0100, Matěj Cepl writes:
> > pemfile=/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt
> 
> .crt suggests that this is certificate only.
> You need a .pem with full chain of all certificates from the CA, to your
> certificate (if not present in global ca-certificates) and a private
> key, concatenated together in one file.

Yes, I forgot to add the key, thank you.

Also, on a similar note. I have started to look at our Fedora/RHEL
bugs for jabberd2 (and some of them are shamefully old) and I have found
https://bugzilla.redhat.com/show_bug.cgi?id=1179229. What do you think
about my comment 3 and the attached patch?

Best,

Matěj

-- 
http://www.ceplovi.cz/matej/, Jabber: mc...@ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB  25C3 E09F EF25 D964 84AC

If Patrick Henry thought that taxation without representation was
bad, he should see how bad it is with representation.




STARTTLS connection on jabberd2

2015-02-25 Thread Matěj Cepl
Hi,

I am installing jabberd2 from the RHEL-6 package and the
configuration seems to be a bit broken (yes, I do need jabberd2,
persuading me to switch to another server doesn't help me). I am now
getting a connection from the remote client, but unfortunately only
without TLS and over unencrypted sessions. The server doesn't seem to
offer secured communication at all (at least pidgin claims that "You
require encryption, but it is not available on this server.").

Here is the <local> element of my c2s.xml file (or is anything
else relevant?):


  <local>
    <id
      realm='redcrew.org'
      register-enable='mu'
      pemfile='/etc/pki/tls/certs/localhost-combined.pem'
    >redcrew.org</id>
    <id
      realm='ceplovi.cz'
      register-enable='mu'
      require-starttls='mu'
      pemfile='/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt'
    >ceplovi.cz</id>
    <!-- or the default hostid <password-change='mu' /> -->

    <!-- IP address to bind to (default: 0.0.0.0) -->
    <ip>0.0.0.0</ip>

    <!-- Port to bind to, or 0 to disable unencrypted access to the
         server (default: 5222) -->
    <port>5222</port>

    <!--
    <ssl-port>5223</ssl-port>
    -->

    <pemfile>/etc/pki/tls/certs/luther.ceplovi.cz-intermediate.crt</pemfile>

    <!--
    <verify-mode>7</verify-mode>
    -->

    <!--
    <cachain>/etc/jabberd/client_ca_certs.pem</cachain>
    -->

  </local>

Does anybody see anything missing? Could anybody see from outside
what's wrong with the XMPP server for ceplovi.cz, please?

Thank you in advance for any responses,

Matěj