On Mon, Dec 14, 2009 at 12:29 AM, David Kaiser <dkai...@cdk.com> wrote:
> hostname is: irc.socallinux.org (specify the entire hostname) > Configure your connection to use SSL (TLSv1 or SSLv3) on port 9994 or 9999 I am using 9994. > I recommend installing the CAcert root (both the Main Class1 and Class3) > certs into your local CA certificate bundle. (Or verify that your > operating system already has them.) [t...@tlyons ~]$ dpkg --list ca-cert* Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii ca-certificate 20090814 Common CA certificates rc ca-certificate 20081028 Common CA certificates (JKS keystore) [t...@tlyons ~]$ ls /etc/ssl/certs/ | wc -l 292 > * Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits) > > If it doesn't say 'valid', or somehow shows an obvious error like this: > > " * Verify return code: 21 (unable to verify the first certificate)" > > you may not have the CA certificate bundle in place for your client to > refer to or some other problem - (ask around for client config help...) I'm checking that out right now, using this blog posting: http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/ Either my XChat is looking in the wrong place for the ca cert bundle, or I need to add this particular ca in, but I suspect it's already there (see above). > Let me know if you have any difficulties connecting or using the IRC server. See anything that screams out what to do? --- Looking up irc.socallinux.org.. --- Connecting to irc.socallinux.org (174.143.149.197) port 9994.. --- * Subject: /CN=irc.cdk.com --- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- * Subject: /CN=irc.cdk.com --- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- * Subject: /CN=irc.cdk.com --- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root --- * Certification info: --- Subject: --- CN=irc.cdk.com --- Issuer: --- O=CAcert Inc. --- OU=http: --- --- www.CAcert.org --- CN=CAcert Class 3 Root --- Public key algorithm: rsaEncryption (2048 bits) --- Sign algorithm sha1WithRSAEncryption --- Valid since Dec 2 06:39:46 2009 GMT to Dec 2 06:39:46 2011 GMT --- * Cipher info: --- Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits) --- Connection failed. Error: unable to verify the first certificate.? (21) -- Regards... Todd Real Integrity is doing the right thing, knowing that no body's going to know whether you did it or not. _______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
