Hmm... StartCom should be good. Do you also include the StartCom intermediate cert in your config file ? I guess you have, otherwise check-certificates would have reported a problem. I don't recall whether FedOne throws a stack trace when it fails ? If so, could you share it ?
On Tue, Jan 19, 2010 at 11:52 AM, Rob <[email protected]> wrote: > On Jan 18, 6:42 pm, Jochen Bekmann <[email protected]> wrote: >> For now you need to disable Chat support on your Google domain admin page. > > Ahh, on the Google Domain page, okay. I thought you meant for my XMPP > server, which seemed odd. > > >> On Tue, Jan 19, 2010 at 11:03 AM, Rob <[email protected]> wrote: >> > Also, is the error I mentioned something >> > to worry about? It's the following: >> >> > SEVERE: Failed to add our own signer info to the certificate store >> > org.waveprotocol.wave.crypto.SignatureException: Certificate >> > validation failure >> >> That looks like the certificate signed by your CA is either >> incorrectly configured or it's a CA not recognized by FedOne. Since >> you said earlier that "check-certificates" reported no problems, could >> you please give us some more information ? For starters which CA you >> used to get your certificate. You can check your cert using the >> following: >> >> openssl x509 -in <your certificate file> -text > > It's an XMPP certificate signed by StartCom. AFAIK, I followed the > installation guide step by step. > > [r...@vps wave-protocol]# openssl x509 -in traitwise.com.cert.pem - > text > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 67198 (0x1067e) > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate > Signing, CN=StartCom Class 1 Primary Intermediate Server CA > Validity > Not Before: Jan 8 07:50:28 2010 GMT > Not After : Jan 9 15:02:14 2011 GMT > Subject: description=125499-qjkJ02avHDoCm56T, C=US, O=Persona > Not Validated, OU=StartCom Free Certificate Member, > CN=component.traitwise.com/[email protected] > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (2048 bit) > Modulus (2048 bit): > 00:c6:90:df:b0:ce:48:ed:25:71:2f:a1:56:d3:91: > 20:81:c8:b8:a5:44:c3:9d:3b:73:83:a5:3a:77:01: > 00:b8:88:df:8f:ba:8d:5d:5c:5e:c8:4b:09:41:8c: > 54:ce:5b:9b:68:50:bc:2b:ef:05:a4:a7:78:41:1d: > 78:75:ec:b4:ad:8b:c0:8a:02:af:6a:b6:2b:73:09: > f2:05:21:b3:86:9a:5d:00:20:ed:b6:74:8d:ee:0b: > b2:ca:17:16:01:7f:02:75:04:30:fb:9f:c8:04:bf: > 3e:cd:fc:40:64:0f:99:05:bc:bf:23:d3:f8:d1:9e: > 09:87:fd:8c:32:1b:69:a8:c8:5c:a0:aa:53:8e:9c: > 56:76:03:a9:2a:18:94:67:97:2d:4c:df:d6:98:f5: > 00:21:85:ed:fb:21:f7:df:90:7a:0d:5d:43:f1:c4: > 9b:0d:04:8a:99:fb:9c:2b:c7:fc:e9:22:08:45:be: > 1b:a5:54:f5:52:cc:84:5f:90:bb:58:37:92:a6:85: > bc:6d:60:ab:79:20:ba:57:35:d9:a2:c7:36:a5:98: > 3d:ec:ac:fb:17:0d:12:62:ba:2b:fc:cc:89:d0:6d: > eb:39:5d:9d:ce:91:02:78:c2:41:2b:f4:9e:4a:f3: > 52:e8:58:c5:25:18:26:0b:34:10:7e:62:41:8c:39: > ac:23 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > X509v3 Key Usage: > Digital Signature, Key Encipherment, Key Agreement > X509v3 Extended Key Usage: > TLS Web Server Authentication > X509v3 Subject Key Identifier: > 8D:CD:68:C4:EF:2A:C9:10:85:FC:E7:33:4E:9D:A3:E0:E2:A4:2D: > 01 > X509v3 Authority Key Identifier: > keyid:EB:42:34:D0:98:B0:AB:9F:F4:1B:6B:08:F7:CC:64:2E:EF: > 0E:2C:45 > > X509v3 Subject Alternative Name: > DNS:component.traitwise.com, DNS:traitwise.com, > othername:<unsupported>, othername:<unsupported> > X509v3 Certificate Policies: > Policy: 1.3.6.1.4.1.23223.1.2.1 > CPS: http://www.startssl.com/policy.pdf > CPS: http://www.startssl.com/intermediate.pdf > User Notice: > Organization: StartCom Ltd. > Number: 1 > Explicit Text: Limited Liability, see section *Legal > Limitations* of the StartCom Certification Authority Policy available > at http://www.startssl.com/policy.pdf > > X509v3 CRL Distribution Points: > URI:http://www.startssl.com/crt1-crl.crl > URI:http://crl.startssl.com/crt1-crl.crl > > Authority Information Access: > OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca > CA Issuers - URI:http://www.startssl.com/certs/ > sub.class1.server.ca.crt > > X509v3 Issuer Alternative Name: > URI:http://www.startssl.com/ > Signature Algorithm: sha1WithRSAEncryption > 1f:af:36:ba:4e:5f:17:25:8b:06:2b:37:24:b2:48:5f:1c:48: > cf:a0:c6:1f:4d:60:40:06:a3:fa:c0:50:42:ef:1b:e2:1b:5a: > 87:5d:cd:28:de:f9:a2:63:d5:37:d6:4e:e6:69:27:c2:f3:19: > 3c:30:fa:d8:b5:56:55:21:7d:d8:68:7e:58:ba:df:f0:ba:ac: > 1c:5a:5b:65:7f:75:e0:88:1f:6d:18:e2:49:cf:cd:3d:c2:e1: > 98:a4:d0:2b:53:cc:77:2b:0a:85:c6:6a:fa:83:fa:86:40:7c: > 9f:d8:76:09:47:f7:f9:e6:79:7d:89:51:ea:c9:cb:83:74:90: > 6e:60:28:91:40:19:ec:5a:a9:90:b8:77:0a:6d:f5:12:94:f8: > ad:dc:f7:44:82:88:a1:32:fb:01:8d:44:85:22:0f:17:45:f9: > 4b:84:0a:88:bd:c5:d9:14:13:02:7c:80:9c:74:3b:70:f3:2a: > 65:8d:3c:7f:2e:0d:b5:a3:20:07:e0:41:40:f8:ec:ef:1c:1a: > 05:a0:29:20:64:7e:cc:3b:01:4c:23:99:78:c8:e6:69:e1:e5: > a0:a7:36:d5:b9:82:44:9c:c0:aa:10:7b:cd:ff:7d:86:79:76: > 34:47:71:9e:45:52:ce:a5:d0:dc:78:46:bd:43:85:89:bd:ca: > 0b:ff:9d:d7 > > > -- > You received this message because you are subscribed to the Google Groups > "Wave Protocol" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/wave-protocol?hl=en. > > > >
-- You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
