What distro? Your package is named ca-certificate?
Both Ubuntu and Debian packages are named ca-certificates (plural - 's' at the end) What do get from the results of: ls -l /etc/ssl/certs/cacert* ? On 12/14/2009, "Todd Lyons" <tly...@ivenue.com> wrote: >On Mon, Dec 14, 2009 at 12:29 AM, David Kaiser <dkai...@cdk.com> wrote: > >> hostname is: irc.socallinux.org (specify the entire hostname) >> Configure your connection to use SSL (TLSv1 or SSLv3) on port 9994 or 9999 > >I am using 9994. > >> I recommend installing the CAcert root (both the Main Class1 and Class3) >> certs into your local CA certificate bundle. (Or verify that your >> operating system already has them.) > >[t...@tlyons ~]$ dpkg --list ca-cert* >Desired=Unknown/Install/Remove/Purge/Hold >| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend >|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) >||/ Name Version Description >+++-==============-==============-============================================ >ii ca-certificate 20090814 Common CA certificates >rc ca-certificate 20081028 Common CA certificates (JKS keystore) > >[t...@tlyons ~]$ ls /etc/ssl/certs/ | wc -l >292 > >> * Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits) >> >> If it doesn't say 'valid', or somehow shows an obvious error like this: >> >> " * Verify return code: 21 (unable to verify the first certificate)" >> >> you may not have the CA certificate bundle in place for your client to >> refer to or some other problem - (ask around for client config help...) > >I'm checking that out right now, using this blog posting: >http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/ > >Either my XChat is looking in the wrong place for the ca cert bundle, >or I need to add this particular ca in, but I suspect it's already >there (see above). > >> Let me know if you have any difficulties connecting or using the IRC server. > >See anything that screams out what to do? > >--- Looking up irc.socallinux.org.. >--- Connecting to irc.socallinux.org (174.143.149.197) port 9994.. >--- * Subject: /CN=irc.cdk.com >--- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root >--- * Subject: /CN=irc.cdk.com >--- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root >--- * Subject: /CN=irc.cdk.com >--- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root >--- * Certification info: >--- Subject: >--- CN=irc.cdk.com >--- Issuer: >--- O=CAcert Inc. >--- OU=http: >--- >--- www.CAcert.org >--- CN=CAcert Class 3 Root >--- Public key algorithm: rsaEncryption (2048 bits) >--- Sign algorithm sha1WithRSAEncryption >--- Valid since Dec 2 06:39:46 2009 GMT to Dec 2 06:39:46 2011 GMT >--- * Cipher info: >--- Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits) >--- Connection failed. Error: unable to verify the first certificate.? (21) > >-- >Regards... Todd >Real Integrity is doing the right thing, knowing that no body's going >to know whether you did it or not. >_______________________________________________ >LinuxUsers mailing list >LinuxUsers@socallinux.org >http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers _______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
