|
James Kokou GAGLO opened 1 decade ago
|
|
Did you, apart from placing the certificate in correct location, also included all needed part? Can you quote error from the logs (either |
|
|
Hi, We copy ca.crt domain.crt domain.pem domain.key domain.csr files in the certs folder. We set --ssl-container-class=tigase.io.SSLContextContainer parameter in etc/init.properties. Find attached the server load logs. Best regards |
|
|
From the provided logs it looks like Tigase correctly loaded the certificate: Is the domain ok? Is the file mentioned in the logs ok (and not the default one - self-signed generated by Tigase)? |
|
|
Yes the domain is ok and the files too. |
|
|
As the logs indicate: Certificate chain is not complete. Please make sure that every needed parts are included. |
|
|
I'm sorry, above bit is related to different file. Given previous information - that the domain is ok, the file path is ok as well that the file under that path is correct (i.e. not replaced by the self-signed certificate) then this file was loaded correctly without creating backup file and will be served to the client. Could you confirm? |
|
|
No problem. The domain is ok, the file path is ok but is replaced by the self-signed certificate. The good one is save as chat.ginger-messenger.com.pem.bak. Find attached screenshots from psi client. So the server still does not load the certificat. |
|
James, this is really not a bug report but rather a support request. In the future, please use our online forums to submit support requests and ask deployment questions. Wojciech, you seem the most competent to help with this, therefore assigning this to you. |
|
|
Ok, I get it. Thanks Artur. |
|
|
Hi, There is no solution for my issue? |
|
|
Please:
and share the resulting output. |
|
|
Hi, Logs files are in log folder and outputs one are in output folder. We run first the java -cp command with chat.ginger-messenger.com.pem and after with chat.ginger-messenger.com.pem.bak. The chat.ginger-messenger.com.pem.bak file is our certificate that Tigase renames before regenerate it's own. |
|
|
From the logs: And the certificate structure: Please include also @CN=Thawte Premium Server CA@: thawte_Premium_Server_CA.pem |
|
|
Hi, I still have the same output in the logs. Find attached screenshot and logs. Best regards, |
|
|
Please also include output from CertificateUtil. |
|
|
The CertificateUtil outputs |
|
|
Hi, do you find something else? |
|
|
The attached "File chat.ginger-messenger.com.pem.bak.output added" is exactly the same as the previous one. Are you sure that you've included |
|
|
Hi, Indeed I've forgotten to include the thawte_Premium_Server_CA.pem. Thank you for your help. It's work now. You can check it here : [[https://xmpp.net/result.php?domain=chat.ginger-messenger.com&type=client]] I'd like to know how you find that the thawte_Premium_Server_CA.pem is missing. Best regards |
| Type |
Bug
|
| Priority |
Normal
|
| Assignee | |
| RedmineID |
2232
|
| Spent time |
18h
|
I'm trying to load a SSL certificate sign by thawte in a XMPP server running on Tigase 5.2.
As described in this howto the certificate is in certs/ folder, but the server rename it with .bak extension and generate its own certificate. Anybody once faced this issue?
tigase.log.0 tigase-console.log Capture d’écran 2014-09-04 à 09.08.42.png Capture d’écran 2014-09-04 à 09.08.21.png Archive.zip logs.zip Capture d’écran 2014-09-17 à 13.28.55.png chat.ginger-messenger.com.pem.output chat.ginger-messenger.com.pem.bak.output