[jitsi-dev] certificate is not trusted


#1

I'm getting the following error on Jitsi on Ubuntu[1], but not Jitsi on
OS X:

  Jitsi can't verify the identity of the server when
  connecting to [sip2sip.info]. The certificate is not
  trusted, which means that the server's identity cannot
  be automatically verified. Do you want to continue
  connecting? For more information, click "Show
  Certificate".

What's the right way to eliminate the problem?

I also just tried the nightly build of Jitsi
(jitsi_2.1.4518.10586-1_amd64.deb) and get the same error. I have also
tried removing the .jitsi directory to see if it was a configuration
issue, that had no effect either.

Regards,
/Lars

[1] $ apt-cache policy jitsi
jitsi:
Installed: 2.0.4506.10553-1
Candidate: 2.0.4506.10553-1


#2

Hey

I'm getting the following error on Jitsi on Ubuntu[1], but not Jitsi on
OS X:

  Jitsi can't verify the identity of the server when
  connecting to [sip2sip.info]. The certificate is not
  trusted, which means that the server's identity cannot
  be automatically verified. Do you want to continue
  connecting? For more information, click "Show
  Certificate".

What's the right way to eliminate the problem?

When I'm connecting to proxy.sipthor.net I get the following sha1 thumbprint
of the certificate: d5 ce 63 26 04 09 a4 db a2 cd 49 0d a5 34 02 3e 53 8d 7d
11. Make sure you get the same on Ubuntu.

The next step would be to check from where your Java runtime obtains the
root certificates and make sure that the cert issuer (/C=US/O=GeoTrust
Inc./CN=GeoTrust Global CA) is trusted/listed there.

If you want to simply ignore the error, you can click on "Continue anyway",
but that's not the point :slight_smile:

Differences between the OSs can come from the fact that the Java runtimes
use different truststores. Java on Windows by default brings its own
truststore, but Jitsi uses Windows' trusted roots (since 2.0 by default). I
don't know what OSX does, and Linux AFAIK usually uses something from a
system package.

I also just tried the nightly build of Jitsi
(jitsi_2.1.4518.10586-1_amd64.deb) and get the same error. I have also
tried removing the .jitsi directory to see if it was a configuration
issue, that had no effect either.

The only thing stored in the configuration would be a permanent override.

Regards,
/Lars

Regards,
Ingo

PS: A mail to either dev or users is sufficient.


#3

I get the same error logging into a jit.si account for the first time
(see attached).

Looking at the certificate I'm confused why it is issued to Google Inc
(talk.google.com) instead of jit.si.

David

(Jitsi 2.0, Windows 7)

···

On 3/11/2013 3:04 PM, Ingo Bauersachs wrote:

Hey

I'm getting the following error on Jitsi on Ubuntu[1], but not Jitsi on
OS X:

  Jitsi can't verify the identity of the server when
  connecting to [sip2sip.info]. The certificate is not
  trusted, which means that the server's identity cannot
  be automatically verified. Do you want to continue
  connecting? For more information, click "Show
  Certificate".

What's the right way to eliminate the problem?

When I'm connecting to proxy.sipthor.net I get the following sha1 thumbprint
of the certificate: d5 ce 63 26 04 09 a4 db a2 cd 49 0d a5 34 02 3e 53 8d 7d
11. Make sure you get the same on Ubuntu.

The next step would be to check from where your Java runtime obtains the
root certificates and make sure that the cert issuer (/C=US/O=GeoTrust
Inc./CN=GeoTrust Global CA) is trusted/listed there.

If you want to simply ignore the error, you can click on "Continue anyway",
but that's not the point :slight_smile:

Differences between the OSs can come from the fact that the Java runtimes
use different truststores. Java on Windows by default brings its own
truststore, but Jitsi uses Windows' trusted roots (since 2.0 by default). I
don't know what OSX does, and Linux AFAIK usually uses something from a
system package.

I also just tried the nightly build of Jitsi
(jitsi_2.1.4518.10586-1_amd64.deb) and get the same error. I have also
tried removing the .jitsi directory to see if it was a configuration
issue, that had no effect either.

The only thing stored in the configuration would be a permanent override.

Regards,
/Lars

Regards,
Ingo

PS: A mail to either dev or users is sufficient.


#4

Sorry, I just realize I had typed username@jitsi.org (instead of
username@jit.si).

David

···

On 3/11/2013 8:25 PM, David Bolton wrote:

I get the same error logging into a jit.si account for the first time
(see attached).

Looking at the certificate I'm confused why it is issued to Google Inc
(talk.google.com) instead of jit.si.

David

(Jitsi 2.0, Windows 7)

.