Hi there,

I'm trying to connect to jabber.earth.li using Pidgin. It tells me that

"The certificate for jabber.earth.li could not be validated. The certificate chain presented is invalid."

There Pidgin bugs that mention not liking certificate chains that contain certificates signed using md5WithRSAEncryption due to md5 being insecure:

https://developer.pidgin.im/ticket/15543 https://developer.pidgin.im/ticket/15486

Apparently, the certificate chain for jabber.earth.li uses exactly this algorithm for the CA Cert root certificate:

http://xmpp.net/result.php?domain=jabber.earth.li&type=client

and it's the root certificate that Pidgin doesn't like:

(21:58:00) certificate: Checking signature chain for uid=CN=jabber.earth.li (21:58:00) certificate: ...Good signature by CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. (21:58:00) certificate: ...Bad or missing signature by E=support@cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA Chain is INVALID (21:58:00) certificate: Failed to verify certificate for jabber.earth.li

Is anybody aware of a work-around?

Regards,

Bob Ham