Re: Windows Pidgin and Comodo Certs

Tue, 01 Sep 2009 03:29:27 -0700 


--On Monday, August 31, 2009 06:53:34 PM -0700 Paul Aurich 
<[email protected]> wrote:


And Bill MacAllister spoke on 08/31/2009 06:01 PM, saying:

Using Pidgin 2.6.1 on Windows when a new user connects to our Openfire
Jabber server Pidgin complains that it cannot find the root
certificate for our Comodo certificate.  This does not happen using
Pidgin 2.5.5 on ubuntu or for other web applications that use other
Comodo certs on the same Windows system.  Is Pidgin on Windows being
shipped with a certificate store that doesn't contain the Comodo root?

Bill


On Windows (and *nix distributions that do not build using
--with-system-ssl-certs or do not offer a certificate directory), Pidgin
uses a limited set of CA certificates shipped with the program, which does
not currently include a Comodo root.

Could you point out which specific root CA you use (key fingerprint
ideally, some other uniquely identifying characteristic also works) so that
we can add it to Pidgin?

~Paul



Just to make sure I got this right here is the chain that I see.

Certificate chain length: 3
Certificate[1]:
Owner: CN=stanford.edu, OU=Comodo InstantSSL, OU=Issued through Stanford 
University E-PKI Manager, OU=ITSS, O=Stanford University, STREET=397 Panama 
Mall, L=Stanford, ST=California, OID.2.5.4.17=94305, C=US
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater 
Manchester, C=GB
Serial number: 4c14201f4e97281d738b29c49f54d629
Valid from: Wed Aug 19 17:00:00 PDT 2009 until: Sun Aug 19 16:59:59 PDT 2012
Certificate fingerprints:
        MD5:  79:FB:BA:AE:06:F3:7D:69:BF:F9:EC:A8:4B:CA:55:A7
        SHA1: 6E:FA:B9:41:3F:89:12:FE:76:FA:95:EF:DA:C9:A3:6E:D9:35:2D:42
        Signature algorithm name: SHA1withRSA
        Version: 3

Certificate[2]:
Owner: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater 
Manchester, C=GB
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 
Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), 
O=Entrust.net, C=US
Serial number: 4286f23d
Valid from: Thu Oct 19 07:39:51 PDT 2006 until: Fri Oct 19 08:09:51 PDT 2012
Certificate fingerprints:
        MD5:  2C:8C:4A:B4:7A:9D:9E:73:09:98:AB:08:E9:8D:D7:B4
        SHA1: E3:9F:E0:6C:48:80:D3:8C:B0:C5:2A:A1:EF:B0:6E:EE:FF:F7:01:DD
        Signature algorithm name: SHA1withRSA
        Version: 3

Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 927650371 (0x374ad243)
       Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. 
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server 
Certification Authority
       Validity
           Not Before: May 25 16:09:40 1999 GMT
           Not After : May 25 16:39:40 2019 GMT
       Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. 
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server 
Certification Authority
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (1024 bit)
               Modulus (1024 bit):
                   00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
                   af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
                   0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
                   26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
                   d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
                   da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
                   92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
                   ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
                   b1:16:19:61:b9:54:b6:e6:43
               Exponent: 3 (0x3)
       X509v3 extensions:
           Netscape Cert Type:
               SSL CA, S/MIME CA, Object Signing CA
           X509v3 CRL Distribution Points:
               DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by 
ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure 
Server Certification Authority/CN=CRL1
               URI:http://www.entrust.net/CRL/net1.crl

           X509v3 Private Key Usage Period:
               Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 
2019 GMT
           X509v3 Key Usage:
               Certificate Sign, CRL Sign
           X509v3 Authority Key Identifier:
               keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A

           X509v3 Subject Key Identifier:
               F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
           X509v3 Basic Constraints:
               CA:TRUE
           1.2.840.113533.7.65.0:
               0
..V4.0....
   Signature Algorithm: sha1WithRSAEncryption
       90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
       47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
       f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
       c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
       a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
       0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
       73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
       f9:b2


Thanks a lot for your help,

Bill

--

Bill MacAllister <[email protected]>
Systems Software Programmer, ITS Unix Systems, Stanford University

_______________________________________________
[email protected] mailing list
Want to unsubscribe?  Use this link:
http://pidgin.im/cgi-bin/mailman/listinfo/support






















					Reply via email to