Thanks Matthias, my certificate expires relatively soon so I had to renew it anyway. I'll use a new key and try again.
On Wed, Oct 28, 2015 at 1:00 PM, <[email protected]> wrote: > Hi, > > On Tue, 27 Oct 2015, Daniele Ricci wrote: > >> Hello list, >> I've been having issues with the certification tool at xmpp.net with my >> server. >> The reported error is: "Connection failed". >> >> I use CACert and I'm pretty sure I have a correct certificate chain (have >> I?): >> http://pastebin.com/pVu2EUjP >> >> IIRC CACert certificates are accepted by this tool, right? > > when I try that with the new openssl-1.1.0-dev I get the following error: > > CONNECTED(00000003) > depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing > Authority, emailAddress = [email protected] > verify return:1 > depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root > verify return:1 > depth=0 CN = beta.kontalk.net > verify return:1 > 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too > weak:s3_clnt.c:1365: > > Maybe openssl is not very happy with the md5 signature of the CAcert root > certificate, but I don't know what xmpp.net is actually using. > > Matthias -- Daniele
