I'm sorry you're right, you were referring to the CACert root certificate, so no immediate solution here. I guess I'll have to change CA? Let's wait for what the xmpp.net admin has to say.
On Wed, Oct 28, 2015 at 1:56 PM, Daniele Ricci <[email protected]> wrote: > Thanks Matthias, > my certificate expires relatively soon so I had to renew it anyway. > I'll use a new key and try again. > > > On Wed, Oct 28, 2015 at 1:00 PM, <[email protected]> wrote: >> Hi, >> >> On Tue, 27 Oct 2015, Daniele Ricci wrote: >> >>> Hello list, >>> I've been having issues with the certification tool at xmpp.net with my >>> server. >>> The reported error is: "Connection failed". >>> >>> I use CACert and I'm pretty sure I have a correct certificate chain (have >>> I?): >>> http://pastebin.com/pVu2EUjP >>> >>> IIRC CACert certificates are accepted by this tool, right? >> >> when I try that with the new openssl-1.1.0-dev I get the following error: >> >> CONNECTED(00000003) >> depth=2 O = Root CA, OU = http://www.cacert.org, CN = CA Cert Signing >> Authority, emailAddress = [email protected] >> verify return:1 >> depth=1 O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root >> verify return:1 >> depth=0 CN = beta.kontalk.net >> verify return:1 >> 33728576:error:1409018E:SSL routines:ssl3_get_server_certificate:ca md too >> weak:s3_clnt.c:1365: >> >> Maybe openssl is not very happy with the md5 signature of the CAcert root >> certificate, but I don't know what xmpp.net is actually using. >> >> Matthias > > > > > -- > Daniele -- Daniele
