My problem had turned out to be not having poked the right holes in my firewall and when I did that, I'm successfully exchanging messages with WaveSandbox, even though there is no sign of this on the clients.
Looking at your notes below lead me to observe a few things. I'm using java-6-opensdk instead of java-6-sun and I'm not having certificate problems. Also, I'm using a cert that I got from CACert via a CSR and am not dealing with .pem files. What makes things all the more interesting is that in testing today, I was given a copy of a key and certificate for a server that has been having certificate errors. When I used their certificates, I had no problem. This leads me to believe that the problem is either with a difference between java-6-sun and java-6-opensdk with the way they handle certificates, or with the ability to update the certificate file from Java instead of the keytool command. I'd be interested in hearing what experiences others have with the below steps. With that, my server is available for testing if anyone wants to try federating with me. Try /add [email protected] as a test. Aldon -----Original Message----- From: [email protected] [mailto:[email protected]]on Behalf Of Brian May Sent: Tuesday, November 03, 2009 8:03 PM To: [email protected] Subject: Re: Connecting to acmewave.com works, wavesandbox.com does not. Help troubleshooting? On Tue, Nov 03, 2009 at 11:06:21AM -0800, 24z wrote: > We've executed all steps outlined in the various wiki articles to set > up federation. We're using a CAcert.org issued certificate/key. We've > set ping-server in run-server.sh to wavesandbox.com. No, sorry. However I will list the steps that i have needed to get my cacert.org ceritificate working (Debian and Ubuntu): 1. Change format of the private key: openssl pkcs8 -topk8 -nocrypt -in /etc/ssl/local/microcomaustralia.com.au.key -out microcomaustralia.com.au.key 2. change following config optionws in run-config: PRIVATE_KEY_FILENAME=microcomaustralia.com.au.key CERTIFICATE_FILENAME_LIST=microcomaustralia.com.au.crt,/etc/ssl/certs/class3 .pem,/etc/ssl/certs/root.pem WAVESERVER_DISABLE_VERIFICATION=false WAVESERVER_DISABLE_SIGNER_VERIFICATION=false 3. import cacert certificate into Java key store: keytool -importcert -storetype jks -keystore /etc/java-6-sun/security/cacerts -file /etc/ssl/certs/root.pem note the password of the keystore is required, and the default password is "changeit". 4. Have considered adding the class3.pem certificate too, so far it doesn't seem to be required... 5. Still need to test federation. Can't do it from wavesandbox side, as it doesn't appear possible to add the contacts... On that matter, I haven't seen confirmation that the sandbox even accepts the cacert.org certificates yet... -- Brian May <[email protected]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
