Self-signed cert and Pidgin.
Hey, all. I've got a cert that has two problems with it: 1) It's self-signed, and 2) Its associated with a hostname that's inaccessible externally; the *service* is accessible externally, but through port forwarding. To work around #2, I set up an /etc/hosts entry; based on what I understand about SSL (or *think* I understand; I'm pretty hazy on certain parts), that should be okay. But #1 seems to be an issue. When I try to fire up Pidgin, here's what I get: - Unable to validate certificate The certificate for foo.com could not be validated. The certificate chain presented is invalid. - I've googled until I'm blue in the face, tried to toggle the various features in the advanced tab in Pidgin's XMMP settings, tried to copy the PEM file everywhere and running various update-ca-certificates commands, etc., to no avail. (Truly, it astonishes me that there's no accept the damn cert, already feature, but not sure what's to be done about that.) Anyone have this issue? Any suggestions on a work-around? The surprising thing is that this is relatively new; my home machine works fine. I almost wonder if it's an Ubuntu feature, as my Mint system seems happy enough -- maybe something's been updated in SSL or somesuch, and it hasn't percolated to Mint yet. Though as I haven't done a new Mint install, even that's pure speculation on my part. Thanks for any insights... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Self-signed cert and Pidgin.
Is the `Tools - Certificates' option in the menu of any use? -- Don't be afraid to ask (λf.((λx.xx) (λr.f(rr. On 2015-03-30 10:25, Ken D'Ambrosio wrote: Hey, all. I've got a cert that has two problems with it: 1) It's self-signed, and 2) Its associated with a hostname that's inaccessible externally; the *service* is accessible externally, but through port forwarding. To work around #2, I set up an /etc/hosts entry; based on what I understand about SSL (or *think* I understand; I'm pretty hazy on certain parts), that should be okay. But #1 seems to be an issue. When I try to fire up Pidgin, here's what I get: - Unable to validate certificate The certificate for foo.com could not be validated. The certificate chain presented is invalid. - I've googled until I'm blue in the face, tried to toggle the various features in the advanced tab in Pidgin's XMMP settings, tried to copy the PEM file everywhere and running various update-ca-certificates commands, etc., to no avail. (Truly, it astonishes me that there's no accept the damn cert, already feature, but not sure what's to be done about that.) Anyone have this issue? Any suggestions on a work-around? The surprising thing is that this is relatively new; my home machine works fine. I almost wonder if it's an Ubuntu feature, as my Mint system seems happy enough -- maybe something's been updated in SSL or somesuch, and it hasn't percolated to Mint yet. Though as I haven't done a new Mint install, even that's pure speculation on my part. Thanks for any insights... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Fwd: Self-signed cert and Pidgin.
Oops, replied direct. -- Forwarded message -- On Mon, Mar 30, 2015 at 10:25 AM, Ken D'Ambrosio k...@jots.org wrote: To work around #2, I set up an /etc/hosts entry; based on what I understand about SSL (or *think* I understand; I'm pretty hazy on certain parts), that should be okay. But #1 seems to be an issue. When I try to fire up Pidgin, here's what I get: - Unable to validate certificate The certificate for foo.com could not be validated. The certificate chain presented is invalid. Reading bug-reports, supposedly Pidgin will prompt for self-signed / unknown certs once, and every time for expired certs. One suggestion i see for debugging Pidgin TLS is using openssl client. openssl s_client -connect host.name.here.net:5222 -CApath /etc/ssl/certs -starttls xmpp ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/