We have moved to a new Sailfish OS Forum. Please start new discussions there.
3

SSL certificate used by dukgo.com XMPP-server untrusted? [answered]

asked 2014-12-18 15:28:49 +0200

Shadow gravatar image

updated 2014-12-18 19:13:06 +0200

I have been using dukgo.com XMPP-server for about a year now without big problems. I haven’t had "ignore SSL errors" checked before. Now I have to have it checked for my account to connect. I tested it using mc-tool on terminal. More about that here.

The current certificate for duck.co seems to have been issued on December 2nd. That’s about the same time when my problems started.

The question is: Is the new certificate untrusted on Jolla and why?

Sorry. I’m a newbie when it comes to SSL certificates.

Are there some workarounds for adding that certificate myself? I feel that it’s unsecure to ignore all SSL errors.

The same account works without any problems on my PC with KDE Telepathy.

I am using Sailfish 1.1.0.39.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by heubergen
close date 2015-07-21 18:46:45.522901

Comments

Have a look at https://together.jolla.com/question/2949/where-can-i-add-a-system-ca-certificate/ for instructions for adding adding a certificate for OpenSSL (and XMPP). If you'd like to use it with the browser too, see https://together.jolla.com/question/835/browser-personal-certificates-import/.

lechris ( 2014-12-18 15:58:33 +0200 )edit

I think they changed the Root CA, but I tried adding my dukgo account (magullo@dukgo.com) and it worked without problem. As far as I can see I am not online now, but no certificate complaints on 1.0.8.

magullo ( 2014-12-18 16:21:05 +0200 )edit

@lechris I already saw that post but I don’t know which certificate I should add there.

Shadow ( 2014-12-18 18:45:17 +0200 )edit

@magullo Ok. I am using Sailfish 1.1 (Uitukka). I don’t see any complaints either, but I cannot connect without the "ignore SSL errors" option. I tested it in terminal with mc-tool. See more about that here.

So, what root certificate should I add in Jolla?

Shadow ( 2014-12-18 18:47:42 +0200 )edit

@Sami-Perkele I had a XMPP server with a self-signed certificate and fetched it directly using openssl s_client -starttls xmpp -showcerts - connect example.com:5222 < /dev/null | openssl x509 -outform PEM > example.pem and added this one in /etc/pki/tls/certs as described by the other question.

lechris ( 2014-12-18 20:11:10 +0200 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2015-07-21 17:20:47 +0200

Shadow gravatar image

To fix this, run

openssl s_client -starttls xmpp -showcerts -connect dukgo.com:5222 < /dev/null | openssl x509 -outform PEM > dukgo.pem

in Jolla’s terminal emulator or on your pc if it run’s on Linux. Then copy the outcoming dukgo.pem file to /home/nemo/.config/telepathy/certs

edit flag offensive delete publish link more

Question tools

Follow
1 follower

subscribe to rss feed

Stats

Asked: 2014-12-18 15:28:49 +0200

Seen: 930 times

Last updated: Jul 21 '15

Related questions

self-signed SSL certificates should be accepted for Exchange sync [answered]

certificate details in Browser

Do not automatically accept all SSL certificates [released]

Email certificate issue (dovecot) [answered]

CalDAV sync with CACert SSL certificate

CA installed and working for OpenSSL but fails with Email app [answered]

How do I install a trusted root certificate?

[solved] SSL problems after upgrading to 1.1.4.29

Enhancement: Presence details screen [answered]

Bug: starting an XMPP chat from People app does not work

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49