Hey Guys...

Just FYI... the certificate's common name appears to be set to
irc.cdk.com not irc.socallinux.org, so this may or may not be a
problem for your client.

While the SSL handshake is successful, typically browsers will not
trust the certificate if the hostname specified is different than
what's contained in the CN. If you're using Pidgin for example, you'll
get a convenient dialog asking whether you trust the certificate even
with the difference in name.  If you change the server path to
irc.cdk.com, Pidgin will simply ask if you trust the cert, since it
doesn't seem to check the system-wide CA certificate path.

I don't know if Xchat for example checks either the common name or the
certificate path, but I can never seem to get a successful connection
with it unless I explicitly state to ignore cert errors (which I just
don't like to do).  If anyone has input on how to get Xchat to check
against either a directory of certs or the specific CA cert, that
would be most interesting.

To test an SSL connection from CLI and test for validity...
openssl s_client -connect irc.socallinux.org:9994 \
    -CAfile /usr/share/ca-certificates/cacert.org/cacert.org.crt

--
Gilbert Mendoza
PGP: 0x7403B303
Email: gmendoza at gmail.com
http://gilbertmendoza.com
_______________________________________________
LinuxUsers mailing list
LinuxUsers@socallinux.org
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
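
Added example, not part of the original message: a simplified RFC 6125-style hostname check showing why a certificate issued for irc.cdk.com fails for irc.socallinux.org even though the handshake completes. The dict mirrors the shape returned by Python's ssl.SSLSocket.getpeercert(); the sample certificate and the function names are constructed for illustration.

```python
# Hostname verification against the names carried in a certificate.
# SAMPLE_CERT is constructed; it was not captured from the server.

def cert_names(cert):
    """Names a client should match: dNSName SAN entries, with the
    subject CN used only when the certificate has no dNSName SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label-by-label comparison. A '*' is honoured
    only as the whole left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least three labels so '*.org' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_hostname(cert, host):
    """Return (ok, names): whether host matches, and what was checked."""
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), names

# Constructed certificate with only a CN, as described in the message.
SAMPLE_CERT = {"subject": ((("commonName", "irc.cdk.com"),),)}

if __name__ == "__main__":
    for host in ("irc.socallinux.org", "irc.cdk.com"):
        ok, names = verify_hostname(SAMPLE_CERT, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} (cert names: {names})")
```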
