XMPP Service Operators - 2019-12-03

  1. Martin

    Can somebody tell xmpp:cccfr@conference.cccfr.de?join that their cert is invalid? > Establishing a secure connection from jabber.cccfr.de to mdosch.de failed. Certificate hash: f95784a47e20c3c22a52b9362f6ce9e829e60297536ce8e3347da6badb15b182. Error with certificate 0: unable to get local issuer certificate, unable to verify the first certificate.

  2. Martin

    Same for their muc component > Establishing a secure connection from mdosch.de to conference.cccfr.de failed. Certificate hash: f95784a47e20c3c22a52b9362f6ce9e829e60297536ce8e3347da6badb15b182. Error with certificate 0: unable to get local issuer certificate, unable to verify the first certificate.

  3. Bakunin

    Martin: jabber.cccfr.de It seems correct but conference. * is not in the certificate.

  4. Bakunin

    https://xmpp.skynetcloud.site/upload/tKF1azYmN36Kg3xU/mJGjXIPTRv-Jr9EadiPnxQ.jpg

  5. Martin

    For me neither works. Maybe selfsigned or so.

  6. Bakunin

    They have LetsEncrypt Certificate.According to a post from the letsencrypt forum: fullchain.pem is just a concatenation of cert.pem (its "public key", although a certificate is much clearer ...) and chain.pem. This is because some implementations (such as Apache> = 2.4.8) will need the chain certificate in the same file as the sheet certificate. Maybe they have only the "cert.pem" certificate and your xmpp server needs the complete chain to work. All this is a hypothesis. Maybe it's something much simpler. But in xmpp.net you can see the same error.

  7. Bakunin

    https://xmpp.net/result.php?domain=jabber.cccfr.de&type=client