Tigase XMPP Server Unable to Read SSL Certificate (#1465)
Unknown opened 3 years ago

Describe the bug: The SSL/TLS certificate that I put inside of certs/default.pem fails to be read, resulting in the following error in tigase-console.log:

2022-01-11 08:57:44.036 [main]             CertificateContainer.initialize()       WARNING:  Cannot load certficate from file: certs/xmpp.yeetnite.ml.pem: Can't find certificate CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US in chain. Verify that all entries are correct and match against each other!

To Reproduce (steps to reproduce the behavior):

  1. Set up a working instance of Tigase XMPP Server
  2. Generate an SSL/TLS certificate using the instructions at the certbot website
  3. Merge certificates using the instructions at docs.tigase.net
  4. Check logs for the aforementioned error

Impact: Tigase starts, but the certificate defaults to the self-signed one, thus leading to SSL certificate invalid errors on encrypted ports.

Expected behavior: The SSL/TLS certificate is read by the Tigase XMPP server and then applied to the relevant vhosts.

Screenshots: N/A

Details (please complete the following information):

  • Tigase version: 8.0.0-b10083/6923973a
  • JVM flavour and version: OpenJDK 11
  • Operating system/distribution/version: Debian 10 aarch64

Additional context: The certificates are generated using Certbot.

Unknown commented 3 years ago

Please take a look at the updated documentation: https://docs.tigase.net/tigase-server/master-snapshot/Administration_Guide/html_chunk/ServerCertificates.html#LetsEncryptCertificate and pay special attention to the chain certificates that you include (especially considering Let's Encrypt's X3 and DST Root CA X3 certificates)!

Unknown commented 3 years ago

The updated documentation solved my issues. I had tried both chain certificates in the old documentation, but the new ones worked perfectly. Thank you.
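
Added example, not Tigase code and not part of the original thread: a stand-alone check that every certificate in a merged PEM file has its issuer present as a subject in the same file, the kind of gap the warning in the report describes. It compares issuer and subject names byte for byte and does not verify signatures or expiry; all function names are this example's own.

```python
import base64, re, sys
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER of the issuer and subject Name of one certificate."""
    _, pos, _ = read_tlv(der, 0)    # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # TBSCertificate ::= SEQUENCE
    fields = []                     # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:             # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def name_text(name):
    """Join the first attribute value of each RDN, for display only."""
    values = []
    _, pos, end = read_tlv(name, 0)                # RDNSequence
    while pos < end:
        _, rdn, rdn_end = read_tlv(name, pos)      # SET (one RDN)
        _, atv, _ = read_tlv(name, rdn)            # SEQUENCE {type, value}
        _, _, oid_end = read_tlv(name, atv)        # attribute type OID
        _, start, stop = read_tlv(name, oid_end)   # attribute value
        values.append(name[start:stop].decode("utf-8", "replace"))
        pos = rdn_end
    return ", ".join(values)

def missing_issuers(pem_text):
    """Return (index, issuer) for each certificate whose issuer is no subject in the bundle."""
    ders = [base64.b64decode(body) for body in PEM_CERT.findall(pem_text)]
    names = [issuer_and_subject(der) for der in ders]
    subjects = {subject for _, subject in names}   # a self-signed root matches itself
    return [(i, name_text(iss)) for i, (iss, _) in enumerate(names) if iss not in subjects]

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:   # path to the merged PEM file, given on the command line
        for index, issuer in missing_issuers(fh.read()):
            print(f"certificate #{index}: issuer '{issuer}' is not in this file")
```

Run it with the path of the merged PEM file as the only argument; no output means every issuer named in the file is also present in it.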

Type: Bug
Reference: tigase/_server/server-core#1465