Author Topic: New SSL Cert for Jabber @phcn.de  (Read 4658 times)

DarthShredder

  • Global Moderator
  • Immernoch zu viel RL
  • *****
  • Posts: 26
  • Karma: +10/-0
    • View Profile
New SSL Cert for Jabber @phcn.de
« on: April 08, 2014, 12:27:28 pm »
We have upgraded our Jabber SSL Cert with our self-signed RootCA (like this Forum)
The Cert is 8192bit. Maybe you have to update your Jabber Client because old openssl libs would not work.
(For Pidgin: Use the newest version on windows, if need be recompile with new openssl on linux)
« Last Edit: April 08, 2014, 04:01:24 pm by p »

axelerator

  • Guest
Re: New SSL Cert for Jabber @phcn.de
« Reply #1 on: April 10, 2014, 03:25:13 pm »
I think the crtificate still missing something more  than signing by an official authority .. The chrome browser won't let me connect to the forum at all - (see attachments) - also the (pidgin based) OSX instant messenger Adium that I'm using on OXS to access my jabber account won't let me connect with an SSL Handshake error - normally I would simply trust you self signed certificate, but Chrome would not even let me display it..  :-\

axelerator

  • Guest
Re: New SSL Cert for Jabber @phcn.de
« Reply #2 on: April 10, 2014, 03:26:32 pm »
Additional image for situation above:

DarthShredder

  • Global Moderator
  • Immernoch zu viel RL
  • *****
  • Posts: 26
  • Karma: +10/-0
    • View Profile
Re: New SSL Cert for Jabber @phcn.de
« Reply #3 on: April 10, 2014, 05:00:32 pm »
I think the crtificate still missing something more  than signing by an official authority .. The chrome browser won't let me connect to the forum at all - (see attachments) - also the (pidgin based) OSX instant messenger Adium that I'm using on OXS to access my jabber account won't let me connect with an SSL Handshake error - normally I would simply trust you self signed certificate, but Chrome would not even let me display it..  :-\

First
this certificate has nothing to do with heartbleed bug. Our Jabber cert just ends on april 8th 2014 so simply we needed a new one ...

To the problem
The forum uses a Cert from 31.10.2013. The CommonName is "board.phcn.*" This could be a problem for your Chrome if it uses an old ssl lib (older than 4 years). The Cert uses 8192bits this could be a problem too
Our Jabber server uses the same style for "*phcn.de" . We also got some errors with older Pidgin versions on windows because they used an old ssl lib from 2006-2008 (why?)

Please have a look at your browser whether you see our RootCA. See my screenshot



axelerator

  • Guest
Re: New SSL Cert for Jabber @phcn.de
« Reply #4 on: April 23, 2014, 11:03:28 am »
I installed all OSX updates, I have the current official Chrome release and a nightly build of the Pidgin Port for OSX(Adium).

Certificates on OSX are managed by a central app on osx the keychain - to trust a certificate the following seems to be the common way to import one.

http://www.robpeck.com/2010/10/google-chrome-mac-os-x-and-self-signed-ssl-certificates/

However, when I try that on the certificate board.phcn.net issues, Chrome crashes  :-\
« Last Edit: April 23, 2014, 11:39:27 am by axelerator »

axelerator

  • Guest
Re: New SSL Cert for Jabber @phcn.de
« Reply #5 on: April 24, 2014, 11:47:48 am »

p

  • Global Moderator
  • Apache
  • *****
  • Posts: 110
  • Karma: +27/-0
    • View Profile
Re: New SSL Cert for Jabber @phcn.de
« Reply #6 on: April 24, 2014, 11:54:54 am »

DarthShredder

  • Global Moderator
  • Immernoch zu viel RL
  • *****
  • Posts: 26
  • Karma: +10/-0
    • View Profile
Re: New SSL Cert for Jabber @phcn.de
« Reply #7 on: April 28, 2014, 12:52:52 pm »
Quote
Security update 2006-007 apparently broke 8192-bit certificates on OS X and no one bothered to fix it

Das wird wohl in den nächsten Jahren ein riesen Problem werden. Will gar nicht wissen, was da sonst so für Kleinigkeiten versteckt sind, die in naher Zukunft noch aufbrechen ...