Bad certificate chain
Bob Ham
rah at settrans.net
Fri Nov 1 22:01:40 GMT 2013
Hi there,
I'm trying to connect to jabber.earth.li using Pidgin. It tells me that
"The certificate for jabber.earth.li could not be validated. The
certificate chain presented is invalid."
There Pidgin bugs that mention not liking certificate chains that
contain certificates signed using md5WithRSAEncryption due to md5 being
insecure:
https://developer.pidgin.im/ticket/15543
https://developer.pidgin.im/ticket/15486
Apparently, the certificate chain for jabber.earth.li uses exactly this
algorithm for the CA Cert root certificate:
http://xmpp.net/result.php?domain=jabber.earth.li&type=client
and it's the root certificate that Pidgin doesn't like:
(21:58:00) certificate: Checking signature chain for uid=CN=jabber.earth.li
(21:58:00) certificate: ...Good signature by CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc.
(21:58:00) certificate: ...Bad or missing signature by E=support at cacert.org,CN=CA Cert Signing Authority,OU=http://www.cacert.org,O=Root CA
Chain is INVALID
(21:58:00) certificate: Failed to verify certificate for jabber.earth.li
Is anybody aware of a work-around?
Regards,
Bob Ham
More information about the jabber-users
mailing list