[LinuxUsers] IRC...

David Kaiser dkaiser at cdk.com
Mon Dec 14 16:16:13 UTC 2009 

What distro?

Your package is named ca-certificate?

Both Ubuntu and Debian packages are named ca-certificates (plural - 's'
at the end)

What do get from the results of:
ls -l /etc/ssl/certs/cacert*

?




On 12/14/2009, "Todd Lyons" <tlyons at ivenue.com> wrote:

>On Mon, Dec 14, 2009 at 12:29 AM, David Kaiser <dkaiser at cdk.com> wrote:
>
>> hostname is: irc.socallinux.org  (specify the entire hostname)
>> Configure your connection to use SSL (TLSv1 or SSLv3) on port 9994 or 9999
>
>I am using 9994.
>
>> I recommend installing the CAcert root (both the Main Class1 and Class3)
>> certs into your local CA certificate bundle.  (Or verify that your
>> operating system already has them.)
>
>[todd at tlyons ~]$ dpkg --list ca-cert*
>Desired=Unknown/Install/Remove/Purge/Hold
>| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
>|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>||/ Name           Version        Description
>+++-==============-==============-============================================
>ii  ca-certificate 20090814       Common CA certificates
>rc  ca-certificate 20081028       Common CA certificates (JKS keystore)
>
>[todd at tlyons ~]$ ls /etc/ssl/certs/ | wc -l
>292
>
>> *   Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
>>
>> If it doesn't say 'valid', or somehow shows an obvious error like this:
>>
>> " * Verify return code: 21 (unable to verify the first certificate)"
>>
>> you may not have the CA certificate bundle in place for your client to
>> refer to or some other problem - (ask around for client config help...)
>
>I'm checking that out right now, using this blog posting:
>http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
>
>Either my XChat is looking in the wrong place for the ca cert bundle,
>or I need to add this particular ca in, but I suspect it's already
>there (see above).
>
>> Let me know if you have any difficulties connecting or using the IRC server.
>
>See anything that screams out what to do?
>
>--- Looking up irc.socallinux.org..
>--- Connecting to irc.socallinux.org (174.143.149.197) port 9994..
>--- * Subject: /CN=irc.cdk.com
>--- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
>--- * Subject: /CN=irc.cdk.com
>--- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
>--- * Subject: /CN=irc.cdk.com
>--- * Issuer: /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
>--- * Certification info:
>---   Subject:
>---     CN=irc.cdk.com
>---   Issuer:
>---     O=CAcert Inc.
>---     OU=http:
>---
>---     www.CAcert.org
>---     CN=CAcert Class 3 Root
>---   Public key algorithm: rsaEncryption (2048 bits)
>---   Sign algorithm sha1WithRSAEncryption
>---   Valid since Dec  2 06:39:46 2009 GMT to Dec  2 06:39:46 2011 GMT
>--- * Cipher info:
>---   Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
>--- Connection failed. Error: unable to verify the first certificate.? (21)
>
>-- 
>Regards...      Todd
>Real Integrity is doing the right thing, knowing that no body's going
>to know whether you did it or not.
>_______________________________________________
>LinuxUsers mailing list
>LinuxUsers at socallinux.org
>http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers

More information about the LinuxUsers mailing list