Hi there,
I'm trying to connect to jabber.earth.li using Pidgin. It tells me that
"The certificate for jabber.earth.li could not be validated. The
certificate chain presented is invalid."
There Pidgin bugs that mention not liking certificate chains that
contain certificates signed using md5WithRSAEncryption due to md5 being
insecure:
https://developer.pidgin.im/ticket/15543https://developer.pidgin.im/ticket/15486
Apparently, the certificate chain for jabber.earth.li uses exactly this
algorithm for the CA Cert root certificate:
http://xmpp.net/result.php?domain=jabber.earth.li&type=client
and it's the root certificate that Pidgin doesn't like:
(21:58:00) certificate: Checking signature chain for uid=CN=jabber.earth.li
(21:58:00) certificate: ...Good signature by CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
(21:58:00) certificate: ...Bad or missing signature by E=support(a)cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
Chain is INVALID
(21:58:00) certificate: Failed to verify certificate for jabber.earth.li
Is anybody aware of a work-around?
Regards,
Bob Ham