Did you, apart from placing the certificate in correct location, also included all needed part?

Can you quote error from the logs (either logs/tigase-console.log or @logs/tigase.log.0@) related to the loading of certificate?

Hi,

We copy ca.crt domain.crt domain.pem domain.key domain.csr files in the certs folder.

We set --ssl-container-class=tigase.io.SSLContextContainer parameter in etc/init.properties.

Find attached the server load logs.

Best regards

From the provided logs it looks like Tigase correctly loaded the certificate:

SSLContextContainer.init()         CONFIG:   Loaded server certificate for domain: chat.ginger-messenger.com from file: certs/chat.ginger-messenger.com.pem

Is the domain ok? Is the file mentioned in the logs ok (and not the default one - self-signed generated by Tigase)?

Yes the domain is ok and the files too.

As the logs indicate:

2014-09-02 15:03:46.872 [main]             SSLContextContainer.init()         WARNING:  Cannot load certficate from file: certs/chat.ginger-messenger.com.crt
java.lang.RuntimeException: Can't find root certificate in chain!

Certificate chain is not complete. Please make sure that every needed parts are included.

I'm sorry, above bit is related to different file.

Given previous information - that the domain is ok, the file path is ok as well that the file under that path is correct (i.e. not replaced by the self-signed certificate) then this file was loaded correctly without creating backup file and will be served to the client.

Could you confirm?

No problem.

The domain is ok, the file path is ok but is replaced by the self-signed certificate. The good one is save as chat.ginger-messenger.com.pem.bak. Find attached screenshots from psi client.

So the server still does not load the certificat.

James, this is really not a bug report but rather a support request. In the future, please use our online forums to submit support requests and ask deployment questions.

Wojciech, you seem the most competent to help with this, therefore assigning this to you.

Ok, I get it. Thanks Artur.

Hi,

There is no solution for my issue?

Please:

• remove all files that are not *.pem certificate from certs/ directory and create a fresh logs, then share them;

• run following command:

java -cp jars/tigase-server.jar tigase.cert.CertificateUtil --load-cert certs/<cert_file.pem>

and share the resulting output.

Hi,

Logs files are in log folder and outputs one are in output folder.

We run first the java -cp command with chat.ginger-messenger.com.pem and after with chat.ginger-messenger.com.pem.bak.

The chat.ginger-messenger.com.pem.bak file is our certificate that Tigase renames before regenerate it's own.

From the logs:

2014-09-15 17:19:33.626 [main]             SSLContextContainer.init()         WARNING:  Cannot load certficate from file: certs/ginger-messenger.com.pem
java.lang.RuntimeException: Can't find root certificate in chain!

And the certificate structure:

  Subject: CN=chat.ginger-messenger.com
  Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
  Subject: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
  Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
  Issuer: CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

Please include also @CN=Thawte Premium Server CA@: thawte_Premium_Server_CA.pem

Hi, I still have the same output in the logs.

2014-09-17 15:25:32.671 [main]             SSLContextContainer.init()         WARNING:  Cannot load certficate from file: certs/ginger-messenger.com.pem

Find attached screenshot and logs.

Best regards,

Please also include output from CertificateUtil.

The CertificateUtil outputs

Hi, do you find something else?

The attached "File chat.ginger-messenger.com.pem.bak.output added" is exactly the same as the previous one. Are you sure that you've included thawte_Premium_Server_CA.pem in the file as the output did not mention it at all.

Hi,

Indeed I've forgotten to include the thawte_Premium_Server_CA.pem. Thank you for your help. It's work now.

You can check it here : [[https://xmpp.net/result.php?domain=chat.ginger-messenger.com&type=client]]

I'd like to know how you find that the thawte_Premium_Server_CA.pem is missing.

Best regards