Cannot make or receive a SIP call via Jigasi in "secure domain" setup; looks like a certificate issue?


#1

Hello!

First, thanks for all your hard work on jitsi — I did a fresh installation today, and the setup is so much easier than even a few months ago.

I’ve followed the “quick install” procedure to set up jitsi with jigasi, using the debian stable repo, and I can make calls both in and out over SIP.

However, when I configure “secure domain”, I lose the ability to make in-bound or out-bound calls.

In addition to the “normal” secure domain set-up, I edited /etc/jitsi/jigasi/sip-communicator.properties by uncommenting the following, and changing the values:

org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN
org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

to

org.jitsi.jigasi.xmpp.acc.USER_ID=voip@meetme.domain.com
org.jitsi.jigasi.xmpp.acc.PASS=dm9pcHBhc3N3b3Jk
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

The password I have added is a base64 encoding of a test password, “voippassword” — I have also tried it in non-base64 format.

I have verified that the userID and password work for the purposes of authenticating a new room creation.

It looks, to my untrained eye, as if the problem might be to do with certificates? /var/log/jitsi/jigasi.log below, with my domain replaced with domain.com.

Any thoughts would be very welcome.

Best wishes

Neil


2018-07-30 17:00:25.467 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:00:25.471 INFO: [499] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:00:50.468 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:00:50.475 INFO: [500] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:01:15.469 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:01:15.476 INFO: [501] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:01:40.470 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:01:40.474 INFO: [502] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:02:05.471 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:02:05.475 INFO: [503] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:02:30.472 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:02:30.475 INFO: [504] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:02:55.472 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:02:55.477 INFO: [505] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:03:08.649 WARNING: [109] org.jitsi.jigasi.xmpp.CallControl.handleIQ().175 Requests are not secured by JID filter!
2018-07-30 17:03:08.650 INFO: [109] org.jitsi.jigasi.xmpp.CallControl.handleIQ().195 Got dial request fromnumber -> 200 room: siptest@conference.meetme.domain.com
2018-07-30 17:03:08.655 INFO: [109] org.jitsi.jigasi.JvbConference.setXmppProvider().523 164ebedd0e8@callcontrol.meetme.domain.com will use ProtocolProviderServiceJabberImpl(voip@meetme.domain.com (Jabber))
2018-07-30 17:03:08.661 WARNING: [109] org.jitsi.xmpp.component.ComponentBase.verifyProcessingTime().538 PROCESSING TIME LIMIT EXCEEDED - it took 13ms to process:
2018-07-30 17:03:08.694 SEVERE: [508] impl.certificate.CertificateServiceImpl.verify().1089 Missing CertificateDialogService by default will not trust!
2018-07-30 17:03:08.695 INFO: [508] impl.certificate.CertificateServiceImpl.checkCertTrusted().857 Untrusted certificate
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:03:08.700 SEVERE: [507] org.jivesoftware.smack.PacketWriter.writePackets() Error writing packet
java.net.SocketException: Socket closed
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:118)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at org.jivesoftware.smack.PacketWriter.writePackets(PacketWriter.java:224)
at org.jivesoftware.smack.PacketWriter.access$000(PacketWriter.java:43)
at org.jivesoftware.smack.PacketWriter$1.run(PacketWriter.java:93)
2018-07-30 17:03:08.701 SEVERE: [509] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetPersistentPresenceJabberImpl$RegistrationStateListener@3ee9f57b
java.lang.NullPointerException
2018-07-30 17:03:08.701 SEVERE: [509] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetTypingNotificationsJabberImpl$ProviderRegListener@711316ed
java.lang.NullPointerException
2018-07-30 17:03:08.701 INFO: [509] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().125 Jingle : OFF
2018-07-30 17:03:08.702 SEVERE: [509] org.jitsi.jigasi.JvbConference.registrationStateChanged().557 Unregistered XMPP on 164ebedd0e8@callcontrol.meetme.domain.com
2018-07-30 17:03:08.847 SEVERE: [508] org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the connection temporary
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:860)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
… 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:03:20.474 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:03:20.483 INFO: [510] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:03:23.703 SEVERE: [512] impl.certificate.CertificateServiceImpl.verify().1089 Missing CertificateDialogService by default will not trust!
2018-07-30 17:03:23.703 INFO: [512] impl.certificate.CertificateServiceImpl.checkCertTrusted().857 Untrusted certificate
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:03:23.707 SEVERE: [511] org.jivesoftware.smack.PacketWriter.writePackets() Error writing packet
java.net.SocketException: Socket closed
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:118)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at org.jivesoftware.smack.PacketWriter.writePackets(PacketWriter.java:224)
at org.jivesoftware.smack.PacketWriter.access$000(PacketWriter.java:43)
at org.jivesoftware.smack.PacketWriter$1.run(PacketWriter.java:93)
2018-07-30 17:03:23.707 SEVERE: [513] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetPersistentPresenceJabberImpl$RegistrationStateListener@3ee9f57b
java.lang.NullPointerException
2018-07-30 17:03:23.708 SEVERE: [513] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetTypingNotificationsJabberImpl$ProviderRegListener@711316ed
java.lang.NullPointerException
2018-07-30 17:03:23.708 INFO: [513] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().125 Jingle : OFF
2018-07-30 17:03:23.709 SEVERE: [513] org.jitsi.jigasi.JvbConference.registrationStateChanged().557 Unregistered XMPP on 164ebedd0e8@callcontrol.meetme.domain.com
2018-07-30 17:03:23.855 SEVERE: [512] org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the connection temporary
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:860)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
… 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:03:45.475 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:03:45.479 INFO: [514] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:04:02.899 INFO: [515] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:04:02.902 INFO: [515] org.jitsi.jigasi.SipGateway.incomingCallReceived().144 Incoming call received…
2018-07-30 17:04:03.905 INFO: [516] org.jitsi.jigasi.SipGatewaySession.run().835 Using default JVB room name property siptest
2018-07-30 17:04:03.912 INFO: [516] org.jitsi.jigasi.JvbConference.setXmppProvider().523 164ebeea4d6@meetme.domain.com will use ProtocolProviderServiceJabberImpl(voip@meetme.domain.com (Jabber))
2018-07-30 17:04:03.944 SEVERE: [520] impl.certificate.CertificateServiceImpl.verify().1089 Missing CertificateDialogService by default will not trust!
2018-07-30 17:04:03.944 INFO: [520] impl.certificate.CertificateServiceImpl.checkCertTrusted().857 Untrusted certificate
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:04:03.954 SEVERE: [521] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetPersistentPresenceJabberImpl$RegistrationStateListener@704ef886
java.lang.NullPointerException
2018-07-30 17:04:03.955 SEVERE: [521] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetTypingNotificationsJabberImpl$ProviderRegListener@7ab693f6
java.lang.NullPointerException
2018-07-30 17:04:03.955 INFO: [521] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().125 Jingle : OFF
2018-07-30 17:04:03.956 SEVERE: [521] org.jitsi.jigasi.JvbConference.registrationStateChanged().557 Unregistered XMPP on 164ebeea4d6@meetme.domain.com
2018-07-30 17:04:04.105 SEVERE: [520] org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the connection temporary
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:860)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
… 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:04:10.475 INFO: [55] impl.protocol.sip.ProxyRouter.getNextHop().167 Outbound proxy mode, using proxy 192.168.2.1:5060/UDP as hop instead of an address resolved by the SIP router
2018-07-30 17:04:10.483 INFO: [522] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:04:18.943 SEVERE: [524] impl.certificate.CertificateServiceImpl.verify().1089 Missing CertificateDialogService by default will not trust!
2018-07-30 17:04:18.946 INFO: [524] impl.certificate.CertificateServiceImpl.checkCertTrusted().857 Untrusted certificate
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:04:18.947 SEVERE: [523] org.jivesoftware.smack.PacketWriter.writePackets() Error writing packet
java.net.SocketException: Socket closed
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:118)
at java.net.SocketOutputStream.write(SocketOutputStream.java:155)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at java.io.BufferedWriter.flush(BufferedWriter.java:254)
at org.jivesoftware.smack.PacketWriter.writePackets(PacketWriter.java:224)
at org.jivesoftware.smack.PacketWriter.access$000(PacketWriter.java:43)
at org.jivesoftware.smack.PacketWriter$1.run(PacketWriter.java:93)
2018-07-30 17:04:18.950 SEVERE: [525] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetPersistentPresenceJabberImpl$RegistrationStateListener@704ef886
java.lang.NullPointerException
2018-07-30 17:04:18.950 SEVERE: [525] service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged().201 An error occurred while executing RegistrationStateChangeListener#registrationStateChanged(RegistrationStateChangeEvent) of net.java.sip.communicator.impl.protocol.jabber.OperationSetTypingNotificationsJabberImpl$ProviderRegListener@7ab693f6
java.lang.NullPointerException
2018-07-30 17:04:18.951 INFO: [525] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().125 Jingle : OFF
2018-07-30 17:04:18.951 SEVERE: [525] org.jitsi.jigasi.JvbConference.registrationStateChanged().557 Unregistered XMPP on 164ebeea4d6@meetme.domain.com
2018-07-30 17:04:19.097 SEVERE: [524] org.jivesoftware.smack.PacketReader.notifyConnectionError() Closes the connection temporary
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:444)
at org.jivesoftware.smack.XMPPConnection.access$200(XMPPConnection.java:56)
at org.jivesoftware.smack.XMPPConnection$TCPXmppPacketReader.doParsePackets(XMPPConnection.java:702)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:247)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:46)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:86)
Caused by: java.security.cert.CertificateException: The peer provided certificate with Subject <EMAILADDRESS=xmpp@meetme.domain.com, CN=meetme.domain.com, OU=XMPP Department, O=Your Organisation, L=The Internet, C=GB> is not trusted
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:860)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkServerTrusted(CertificateServiceImpl.java:720)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl$HostTrustManager.checkServerTrusted(ProtocolProviderServiceJabberImpl.java:2603)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
… 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at net.java.sip.communicator.impl.certificate.CertificateServiceImpl$3.checkCertTrusted(CertificateServiceImpl.java:755)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
… 23 more
2018-07-30 17:04:20.910 INFO: [526] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:04:20.914 INFO: [526] org.jitsi.jigasi.SipGatewaySession.handleCallState().703 SIP call ended: CallPeerChangeEvent: type=CallPeerStatusChange oldV=net.java.sip.communicator.service.protocol.CallPeerState:Incoming Call newV=net.java.sip.communicator.service.protocol.CallPeerState:Disconnected for peer=447769500042 447769500042@firebrick.neilzone.co.uk;status=Disconnected
2018-07-30 17:04:20.914 INFO: [526] org.jitsi.jigasi.SipGatewaySession.sipCallEnded().485 Sip call ended: Call: id=15329666429001415997665 peers=0
2018-07-30 17:04:20.915 INFO: [526] org.jitsi.jigasi.JvbConference.stop().483 164ebeea4d6@meetme.domain.com is removing account Jabber:164ebeea4d6@meetme.domain.com/164ebeea4d6
2018-07-30 17:04:20.916 INFO: [527] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.2.1:5060
2018-07-30 17:04:20.951 INFO: [528] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.17.1:5060
2018-07-30 17:04:21.946 INFO: [529] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /192.168.17.1:5060


#2

Have you tried enabling: net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true?


#3

Please note that this should only be used for testing/debugging purposes, or in controlled environments. If you confirm that this is the problem, you should then solve it in another way (e.g. get a signed certificate for prosody, or add the particular certificate to jigasi’s trust store).


#4

Thanks Damian. That has cleared up the certificate error, although I’m surprised it was necessary with Let’s Encrypt as the CA. I’ll look into that more.

In the interim, it might be worth amending the comment to read:

Activate this property if you are using self-signed certificates or other type of non-trusted certificates (including Let’s Encrypt). In this mode your service trust in the remote certificates always.

If that’s helpful, I can put a pull request through?

It has highlighted a perhaps more relevant error for an incoming call:

2018-07-30 19:19:05.779 SEVERE: [67] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register().483 Error registering
SASL authentication DIGEST-MD5 failed: text:
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:341)
at org.jivesoftware.smack.AbstractConnection.login(AbstractConnection.java:274)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:56)
at net.java.sip.communicator.impl.protocol.jabber.LoginByPasswordStrategy.login(LoginByPasswordStrategy.java:154)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1326)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:954)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:765)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:478)
at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2018-07-30 19:19:05.781 SEVERE: [67] util.UtilActivator.uncaughtException().119 An uncaught exception occurred in thread=Thread[Thread-48,10,main] and message was: No previous records found for account ID: Jabber:164ec6a4155@meetme.domain.com/164ec6a4155 in packagenet.java.sip.communicator.impl.protocol.jabber
java.lang.IllegalArgumentException: No previous records found for account ID: Jabber:164ec6a4155@meetme.domain.com/164ec6a4155 in packagenet.java.sip.communicator.impl.protocol.jabber
at net.java.sip.communicator.service.protocol.ProtocolProviderFactory.storePassword(ProtocolProviderFactory.java:904)
at net.java.sip.communicator.service.protocol.ProtocolProviderFactory.storePassword(ProtocolProviderFactory.java:857)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.fireRegistrationStateChanged(ProtocolProviderServiceJabberImpl.java:2237)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:487)
at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)

I have checked that the password I am using for the prosody user is the same as the base64-encoded password I have put in sip-communicator.properties; perhaps I should be putting it in plaintext in sip-communicator.properties, rather than base64?

Many thanks for your help,

Best wishes

Neil


#5

I have checked that the password I am using for the prosody user is the same as the base64-encoded password I have put in sip-communicator.properties; perhaps I should be putting it in plaintext in sip-communicator.properties, rather than base64?

It looks like this is the problem: the password needs to be in plaintext, not base64.

Outbound calling now seems to work fine, and inbound calling has a one-way audio issue for me to work through.

Best wishes

Neil


#6

The certificates errors have nothing to do with Let’s encrypt. So the Let’s encrypt certificates are installed on the web part where https is terminated in order browsers to see it as a secured site.

On the other hand prosody needs certificates to be able to use TLS for its xmpp client connection, that uses port 5222. For the jitsi-meet deployment we use self-signed certificates for that part and as jicofo is normally installed on the same machine, we just put that certificate in the trust store on the local machine. So when jicofo connects and tries to validate the certificate, that cert is trusted as it is in the trust store. If you install jigasi on another machine you need to add that certificate to that machine trust store, or just use ALWAYS_TRUST_MODE_ENABLED to skip this certificate validation. As Boris already mentioned if you are running this in production make sure the network between xmpp server and jigasi is secured, as you have disabled one security check there.

So the Let’s encrypt certificates are just for the web part and the comment you added in jicofo readme is invalid “If you are using Let’s Encrypt for your tls certificate, you may also need to uncomment the following line, also in sip-communicator.properties:”.


#7

Thanks for the great explanation, and the correction to my poor understanding — thank you. I have added a new pull request, to fix my error.

It looks like something strange is happening here, as jicofo and jigasi are running on the same machine.


#8

Jicofo is using auth.domain virtual host to connect, and the certificate for that domain is added to the trust store. You need to make sure jigasi is using the same domain, its user should be like jigasi@auth.domain …