Hi everybody,
This is my first message on the list. I have openssl installed and I
want to add a certificate as a CA certificate so that all the
certificates signed by that certificate are taken without warnings or
whatever. So I downloaded the certificate (which is jabber.org CA
certificate) and I copied it to /etc/ssl/certs and then I executed
c_rehash on the same directory. The problem isn't solved yet because if
I execute:

> openssl s_client -connect jabber.org:5223

I get

> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : AES256-SHA
>     Session-ID: 36A34E023EC0DDAED869DF9DD02181C871AA0593A4DF5047B491D29A304BB986
>     Session-ID-ctx:
>     Master-Key: 54D8D522E7D05E71222F99DA2F1E23D65086E84F2B4ABE9A558AD0DA4DC61E46235EEA962478EFAE5B558F4FB990F288
>     Key-Arg   : None
>     Start Time: 1178471779
>     Timeout   : 300 (sec)
>    ***Verify return code: 19 (self signed certificate in certificate chain)***

but if I type

> openssl s_client -connect jabber.org:5223 -CAfile ca.crt

I get

> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 2048 bit
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : AES256-SHA
>     Session-ID: FC6005ABA74A8C09024B2BAB9061DEF5891E26A37785E9B14E5B9DE9D0C65B0D
>     Session-ID-ctx:
>     Master-Key: 500946BCA15CD7C6469DC0B3F95A09751797A96216938DDED9DDC3CC23613E1CAF4EA79F3FFB4B44038C4B84FEA13A33
>     Key-Arg   : None
>     Start Time: 1178471850
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)
> ---

Which is exactly what I want to happen every time I connect to that
server. Besides, IM clients such as kopete and psi rely on openssl's
certs, and if I solve this problem I will solve the warnings the IM
clients always show about the certificate.

Thanks for your help.

Noiano
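
An added example, not part of the original post: how the hashed-directory lookup that c_rehash prepares can be checked in isolation with `openssl verify -CApath`. It uses a constructed throwaway CA and leaf certificate in a temporary directory; the function names, subject names and paths are assumptions made for the example, and nothing here touches /etc/ssl/certs or contacts jabber.org.

```shell
#!/bin/sh
# Added example with constructed certificates; not code from the original post.

# verify_with_capath DIR CERT -> prints OK if CERT chains to a CA found in DIR
verify_with_capath() {
    if openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo OK
    else
        echo FAIL
    fi
}

# Builds a constructed CA and leaf, then verifies the leaf against the
# directory before and after the subject-hash link exists.
capath_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/certs"

    # Constructed self-signed CA, stored in the trust directory as ca.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/certs/ca.crt" 2>/dev/null
    # Constructed leaf certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/certs/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.crt" 2>/dev/null

    # The CA file is present, but only under its own file name.
    before=$(verify_with_capath "$d/certs" "$d/leaf.crt")

    # Add the <subject-hash>.0 link, the kind of link c_rehash creates.
    h=$(openssl x509 -noout -hash -in "$d/certs/ca.crt")
    ln -s ca.crt "$d/certs/$h.0"
    after=$(verify_with_capath "$d/certs" "$d/leaf.crt")

    rm -rf "$d"
    echo "before=$before after=$after"
}

capath_demo
```

Running `openssl version -d` prints the OPENSSLDIR the installed binary was built with, which shows whether /etc/ssl is the directory that build treats as its default.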