[jitsi-dev] Invalid Cert for Jitsi portable.


#1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

A friend used Jitsi portable (v2.02) last night ok but this morning when
they went to log on they were presented with this warning (
http://imgur.com/kPR6mJM).

Looking at the jit.si website I see that too has a GoDaddy cert but it
is valid from 05-2013 to 05-2016. So why does this cert show it expires
29-09-2014? Can anyone please verify what the jit.si jabber cert is
supposed to be and confirm that my friend is not under a MITM attack?

Thanks,

- --

···

==

Don Alexander

It's a tough job, but some mug has to do it...

RooSoft Ltd


#2

Hi,

the certificates you are seeing are different, jit.si website is
redirected to jitsi.org, which certificate is valid until 05/07/2016.
While the certificate used for jit.si xmpp server is valid to
09/29/2014.
So it seems ok to me.

Hope this helps
damencho

···

On Thu, Oct 10, 2013 at 2:48 PM, Don Alexander <debug@roosoft.ltd.uk> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

A friend used Jitsi portable (v2.02) last night ok but this morning when
they went to log on they were presented with this warning (
http://imgur.com/kPR6mJM).

Looking at the jit.si website I see that too has a GoDaddy cert but it
is valid from 05-2013 to 05-2016. So why does this cert show it expires
29-09-2014? Can anyone please verify what the jit.si jabber cert is
supposed to be and confirm that my friend is not under a MITM attack?

Thanks,

- --

Don Alexander

It's a tough job, but some mug has to do it...

RooSoft Ltd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJWlBMACgkQuipFNInZ6evrMQCgqfcC7HIwrwwCV/Lh+td+BbWP
hxkAn1hRBFZGkMLmUEhiM06lszlJ/w+T
=H/Pb
-----END PGP SIGNATURE-----

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Granted it does not look too suspicious as it is the same cert holder
but what is suspicious is how last night it was ok, no warning. Today..
a warning. I suspect it might be the windows host that is triggering it
but very hard to verify as I am not there to see. However I would feel
happier if someone can verify that they have the same cert for jit.si
xmpp server that goes back at least six months or so. And confirm it is
the same as my friend is displaying. I know it sounds paranoid but there
is a very real chance that my friend could be subject to a MITM attack
at the ISP level and so better to be safe than sorry no?

Thanks,

···

On 10/10/13 13:15, Damian Minkov wrote:

Hi,

the certificates you are seeing are different, jit.si website is
redirected to jitsi.org, which certificate is valid until 05/07/2016.
While the certificate used for jit.si xmpp server is valid to
09/29/2014.
So it seems ok to me.

Hope this helps
damencho

On Thu, Oct 10, 2013 at 2:48 PM, Don Alexander <debug@roosoft.ltd.uk> wrote:

Hi all,

A friend used Jitsi portable (v2.02) last night ok but this morning when
they went to log on they were presented with this warning (
http://imgur.com/kPR6mJM).

Looking at the jit.si website I see that too has a GoDaddy cert but it
is valid from 05-2013 to 05-2016. So why does this cert show it expires
29-09-2014? Can anyone please verify what the jit.si jabber cert is
supposed to be and confirm that my friend is not under a MITM attack?

Thanks,

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

- --

Don Alexander

It's a tough job, but some mug has to do it...

RooSoft Ltd


#4

Hello,

···

On 10/10/13 2:48 PM, Don Alexander wrote:

Hi,

Granted it does not look too suspicious as it is the same cert holder
but what is suspicious is how last night it was ok, no warning. Today..
a warning. I suspect it might be the windows host that is triggering it
but very hard to verify as I am not there to see. However I would feel
happier if someone can verify that they have the same cert for jit.si
xmpp server that goes back at least six months or so. And confirm it is
the same as my friend is displaying.

The certificate used by the jit.si xmpp server has the following SHA1
fingerprint:
7E:42:E9:42:B3:EF:46:96:64:1D:F5:71:02:53:30:CD:BE:56:17:90

Same as on your screenshot. My system accepts it.

Regards,
Boris


#5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

···

On 10/10/13 22:45, Boris Grozev wrote:

Hello,

On 10/10/13 2:48 PM, Don Alexander wrote:

Hi,

Granted it does not look too suspicious as it is the same cert holder
but what is suspicious is how last night it was ok, no warning. Today..
a warning. I suspect it might be the windows host that is triggering it
but very hard to verify as I am not there to see. However I would feel
happier if someone can verify that they have the same cert for jit.si
xmpp server that goes back at least six months or so. And confirm it is
the same as my friend is displaying.

The certificate used by the jit.si xmpp server has the following SHA1
fingerprint:
7E:42:E9:42:B3:EF:46:96:64:1D:F5:71:02:53:30:CD:BE:56:17:90

Same as on your screenshot. My system accepts it.

Regards,
Boris

Thanks.. but any idea why it would work one day and then warn them about
it the next? Could it be a bug? It is a pretty old build but still
should be ok no?

Cheers,

- --

Don Alexander

It's a tough job, but some mug has to do it...

RooSoft Ltd


#6

Hello,

···

On 10/10/13 11:57 PM, Don Alexander wrote:

Thanks.. but any idea why it would work one day and then warn them about
it the next? Could it be a bug? It is a pretty old build but still
should be ok no?

Cheers,

It is unlikely that the problem lies within jitsi. In order to verify a
certificate, jitsi uses root certificates provided by windows (or is it
java? I don't know). If for some reason the GoDaddy certificate isn't
trusted, the one for jit.si won't be trusted either.

Regards,
Boris