> Could you please try to run > openssl s_client -connect word.mayfirst.org:5222 -starttls xmpp -CApath > /etc/ssl/certs/ > > And report here the output, so we can be sure the certificate is > correctly installed?
Yes - here's the output. Also - the public key of the certificate authority that signed the word.mayfirst.org cert is publicly available here: https://support.mayfirst.org/attachment/wiki/mfpl_certificate_authority/mfpl.crt Thanks for your help. jamie 0 jamie@animal:~$ openssl s_client -connect word.mayfirst.org:5222 -starttls xmpp -CApath /etc/ssl/certs/ CONNECTED(00000003) depth=1 O = May First/People Link, emailAddress = i...@mayfirst.org, L = New York, ST = New York, C = US, CN = MFPL Root CA verify return:1 depth=0 C = US, ST = New York, O = May First/People Link, CN = word.mayfirst.org, emailAddress = i...@mayfirst.org verify return:1 --- Certificate chain 0 s:/C=US/ST=New York/O=May First/People Link/CN=word.mayfirst.org/emailAddress=i...@mayfirst.org i:/O=May First/People Link/emailAddress=i...@mayfirst.org/L=New York/ST=New York/C=US/CN=MFPL Root CA 1 s:/O=May First/People Link/emailAddress=i...@mayfirst.org/L=New York/ST=New York/C=US/CN=MFPL Root CA i:/O=May First/People Link/emailAddress=i...@mayfirst.org/L=New York/ST=New York/C=US/CN=MFPL Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIC/jCCAmcCATYwDQYJKoZIhvcNAQEFBQAwgYwxHjAcBgNVBAoTFU1heSBGaXJz dC9QZW9wbGUgTGluazEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYXlmaXJzdC5vcmcx ETAPBgNVBAcTCE5ldyBZb3JrMREwDwYDVQQIEwhOZXcgWW9yazELMAkGA1UEBhMC VVMxFTATBgNVBAMTDE1GUEwgUm9vdCBDQTAeFw0xMjAxMjAwOTE5MzBaFw0xMzAx MTkwOTE5MzBaMH4xCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEeMBwG A1UEChMVTWF5IEZpcnN0L1Blb3BsZSBMaW5rMRowGAYDVQQDExF3b3JkLm1heWZp cnN0Lm9yZzEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYXlmaXJzdC5vcmcwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgB+KgvKPclL7ESGTgYqCIPXCyp0j wH+3Q+q5KkIP5PKax3h2/UIobkXf1En4+FRhr5sCIewCxGYC5/bGUsKLQ1TUaRr+ uc/cnXK4ytXb6KI7KznpPOFKcsK3OvjlTRUOPB9djXRUAgxgf+cjwK+UEroF9DrZ MXaeRUT3ZhpIql1umstulCTZnV76Zh1886H05JBuq7P/TtMd6eO73WLZgb6NNtYb 4fk5+d3U+Q7ceaJbhvq6etihTyZAuT1okjHanx0aYDIBDrH9q3SwbyiIIFbDxDFv rY/6Twt+siqJ2PuI8tbHY88Dg/YntVowAK3EPLybwi17KRE7FgFvRj9hAgMBAAEw DQYJKoZIhvcNAQEFBQADgYEAk0OuE5Sb3Dh4oAhr6a0rLNpXJ4qQIayc12KZ/igr XHB14/BO11xTV4fzdX1Zd+6WCIcL2/igsv74BkgoW1HyLFVtv6v5vifpZRHkCbMJ TVUvZs/LeAHV1sgPY51r5YLkXaltRqJ0W7vITDiAapeSJf8RUzeyhLF94PAmZo5h 53k= -----END CERTIFICATE----- subject=/C=US/ST=New York/O=May First/People Link/CN=word.mayfirst.org/emailAddress=i...@mayfirst.org issuer=/O=May First/People Link/emailAddress=i...@mayfirst.org/L=New York/ST=New York/C=US/CN=MFPL Root CA --- No client certificate CA names sent --- SSL handshake has read 2490 bytes and written 668 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : SSLv3 Cipher : AES256-SHA Session-ID: Session-ID-ctx: Master-Key: 197661BD96B0FEE7BD7F10063B88E2368A62035EAA5612E497C34D29E11ED292EDF0E1FEAF2AD867145BCFAC77E5A7F5 Key-Arg : None PSK identity: None PSK identity hint: None Compression: 1 (zlib compression) Start Time: 1328281682 Timeout : 7200 (sec) Verify return code: 0 (ok) --- ^C 130 jamie@animal:~$ -- Jamie McClelland 718-303-3204 ext. 1 May First/People Link Growing networks to build a just world http://www.mayfirst.org https://support.mayfirst.org Members Local 1180, Communications Workers of America, AFL-CIO PGP Key: http://current.workingdirectory.net/pages/identity/
signature.asc
Description: Digital signature
