[jitsi-dev] Jicofo fails to connect to prosody after updating jitsi-meet


#1

Dear all,

I have an issue with connecting jicofo to prosody after updating jitsi-meet to the latest stable version (I installed every .deb package manually with dpkg -i <package_name> ).

When I start jicofo I get the following logs :

-On jicofo.log :
Jicofo 2017-12-07 17:16:02.551 AVERTISSEMENT: [222] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
  at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
  at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
  at sun.security.validator.Validator.validate(Validator.java:260)
  at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
  ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
  ... 19 more

- On prosody.log :
Dec 07 17:50:24 jcpf99c50 info Incoming Jabber component connection
Dec 07 17:50:24 focus.meet.gipsy-ida01.ida.melanie2.i2:component info External component successfully authenticated
Dec 07 17:50:25 c2sb11800 info Client disconnected: ssl handshake error: sslv3 alert certificate unknown
Dec 07 17:50:30 c2sdaf910 info Client connected

I have never faced this kind of errors, any help please ?

Best regards,
Hamza


#2

Hi,

did you also install jitsi-meet-prosody package? If you havn't install it,
it should restart prosody and then restart jicofo and it should be fixed.

Regards
damencho

···

On Thu, Dec 7, 2017 at 10:53 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

Dear all,

I have an issue with connecting jicofo to prosody after updating
jitsi-meet to the latest stable version (I installed every .deb package
manually with dpkg -i <package_name> ).

When I start jicofo I get the following logs :

-On jicofo.log :
Jicofo 2017-12-07 17:16:02.551 AVERTISSEMENT: [222]
org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener()
Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:1509)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHands
haker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.
java:1062)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
cketImpl.java:1375)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1403)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1387)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSRecei
ved(XMPPTCPConnection.java:798)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMP
PTCPConnection.java:150)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.
parsePackets(XMPPTCPConnection.java:1055)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.
access$300(XMPPTCPConnection.java:982)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.
run(XMPPTCPConnection.java:998)
        at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.
java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXVali
dator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustMana
gerImpl.java:324)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509Trust
ManagerImpl.java:229)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X50
9TrustManagerImpl.java:124)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:1491)
        ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(
SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuil
d(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.
java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.
java:382)
        ... 19 more

- On prosody.log :
Dec 07 17:50:24 jcpf99c50 info Incoming Jabber component
connection
Dec 07 17:50:24 focus.meet.gipsy-ida01.ida.melanie2.i2:component
info External component successfully authenticated
Dec 07 17:50:25 c2sb11800 info Client disconnected: ssl handshake
error: sslv3 alert certificate unknown
Dec 07 17:50:30 c2sdaf910 info Client connected

I have never faced this kind of errors, any help please ?

Best regards,
Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

Hi,

Hi Damian,

did you also install jitsi-meet-prosody package? If you havn't install it, it should restart prosody and then restart jicofo and it should be fixed.

Yeah I already did that but I still get the certificate error in prosody logs :

Dec 08 11:15:04 jcpd910d0 info Incoming Jabber component connection
Dec 08 11:15:04 focus.meet.gipsy-ida01.ida.melanie2.i2:component info External component successfully authenticated
Dec 08 11:15:04 c2sf94a40 info Client disconnected: ssl handshake error: sslv3 alert certificate unknown

Hamza

···

Regards
damencho

On Thu, Dec 7, 2017 at 10:53 AM, KHAIT Hamza - > SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE > <hamza.khait@i-carre.net> wrote:

Dear all,

I have an issue with connecting jicofo to prosody after updating jitsi-meet to the latest stable version (I installed every .deb package manually with dpkg -i <package_name> ).

When I start jicofo I get the following logs :

-On jicofo.log :
Jicofo 2017-12-07 17:16:02.551 AVERTISSEMENT: [222] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 19 more

- On prosody.log :
Dec 07 17:50:24 jcpf99c50 info Incoming Jabber component connection
Dec 07 17:50:24 focus.meet.gipsy-ida01.ida.melanie2.i2:component info External component successfully authenticated
Dec 07 17:50:25 c2sb11800 info Client disconnected: ssl handshake error: sslv3 alert certificate unknown
Dec 07 17:50:30 c2sdaf910 info Client connected

I have never faced this kind of errors, any help please ?

Best regards,
Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#4

What about jicofo? Do you see any error there?

···

On Dec 8, 2017 06:36, "KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE" <hamza.khait@i-carre.net> wrote:

Hi,

Hi Damian,

did you also install jitsi-meet-prosody package? If you havn't install it,

it should restart prosody and then restart jicofo and it should be fixed.

Yeah I already did that but I still get the certificate error in prosody
logs :

Dec 08 11:15:04 jcpd910d0 info Incoming Jabber component
connection
Dec 08 11:15:04 focus.meet.gipsy-ida01.ida.melanie2.i2:component
info External component successfully authenticated
Dec 08 11:15:04 c2sf94a40 info Client disconnected: ssl handshake
error: sslv3 alert certificate unknown

Hamza

Regards

damencho

On Thu, Dec 7, 2017 at 10:53 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE >> ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

Dear all,

I have an issue with connecting jicofo to prosody after updating
jitsi-meet to the latest stable version (I installed every .deb package
manually with dpkg -i <package_name> ).

When I start jicofo I get the following logs :

-On jicofo.log :
Jicofo 2017-12-07 17:16:02.551 AVERTISSEMENT: [222]
org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener()
Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHands
haker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
cketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1387)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSRecei
ved(XMPPTCPConnection.java:798)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMP
PTCPConnection.java:150)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.
parsePackets(XMPPTCPConnection.java:1055)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.
access$300(XMPPTCPConnection.java:982)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.
run(XMPPTCPConnection.java:998)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXVali
dator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustMana
gerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509Trust
ManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X50
9TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:1491)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(
SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuil
d(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 19 more

- On prosody.log :
Dec 07 17:50:24 jcpf99c50 info Incoming Jabber component
connection
Dec 07 17:50:24 focus.meet.gipsy-ida01.ida.melanie2.i2:component
info External component successfully authenticated
Dec 07 17:50:25 c2sb11800 info Client disconnected: ssl
handshake error: sslv3 alert certificate unknown
Dec 07 17:50:30 c2sdaf910 info Client connected

I have never faced this kind of errors, any help please ?

Best regards,
Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#5

Just FYI, I noticed that other people had the same issue few days ago
(https://github.com/jitsi/jitsi-meet/issues/1899)

So I created a self-signed certificate and added it to
JICOFO_AUTH_DOMAIN virutalhost in prosody but once I restarted Prosody
then Jicofo, I get the following errors :

- prosody.log
DEC 08 14:48:07 JCP25C9A10 INFO INCOMING JABBER COMPONENT CONNECTION
DEC 08 14:48:07 FOCUS.MEET.GIPSY-IDA01.IDA.MELANIE2.I2:COMPONENT INFO
EXTERNAL COMPONENT SUCCESSFULLY AUTHENTICATED
DEC 08 14:48:07 C2S2099750 INFO STREAM ENCRYPTED (TLSV1.2 WITH
ECDHE-RSA-AES256-GCM-SHA384)
DEC 08 14:48:07 C2S2099750 INFO CLIENT DISCONNECTED: CONNECTION CLOSED

- jicofo.log
JICOFO 2017-12-08 14:48:07.421 GRAVE: [27]
ORG.JITSI.IMPL.PROTOCOL.XMPP.XMPPPROTOCOLPROVIDER.LOG() FAILED TO
CONNECT/LOGIN: SASLERROR USING SCRAM-SHA-1: NOT-AUTHORIZED
ORG.JIVESOFTWARE.SMACK.SASL.SASLERROREXCEPTION: SASLERROR USING
SCRAM-SHA-1: NOT-AUTHORIZED
AT
ORG.JIVESOFTWARE.SMACK.SASLAUTHENTICATION.AUTHENTICATIONFAILED(SASLAUTHENTICATION.JAVA:291)
AT
ORG.JIVESOFTWARE.SMACK.TCP.XMPPTCPCONNECTION$PACKETREADER.PARSEPACKETS(XMPPTCPCONNECTION.JAVA:1084)
AT
ORG.JIVESOFTWARE.SMACK.TCP.XMPPTCPCONNECTION$PACKETREADER.ACCESS$300(XMPPTCPCONNECTION.JAVA:982)
AT
ORG.JIVESOFTWARE.SMACK.TCP.XMPPTCPCONNECTION$PACKETREADER$1.RUN(XMPPTCPCONNECTION.JAVA:998)
AT JAVA.LANG.THREAD.RUN(THREAD.JAVA:745)
JICOFO 2017-12-08 14:48:07.429 AVERTISSEMENT: [39]
ORG.JIVESOFTWARE.SMACK.ROSTER.ROSTER.PROCESSSTANZA() ROSTER NOT LOADED
WHILE PROCESSING PRESENCE STANZA [ID=V5WFE-5,TYPE=ERROR,]

Here's the steps I followed to create the ssl certificate for
JICOFO_AUTH_DOMAIN (auth.meet.gipsy-ida01.ida.melanie2.i2)
PROSODYCTL CERT GENERATE AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2

LN -SF /VAR/LIB/PROSODY/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.KEY
/ETC/PROSODY/CERTS/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.KEY
LN -SF /VAR/LIB/PROSODY/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.CRT
/ETC/PROSODY/CERTS/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.CRT
LN -SF /VAR/LIB/PROSODY/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.CRT
/USR/LOCAL/SHARE/CA-CERTIFICATES/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.CRT

UPDATE-CA-CERTIFICATES

Then I added the SSL configuration to JICOFO_AUTH_DOMAIN virtualhost :
VIRTUALHOST "AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2"
AUTHENTICATION = "INTERNAL_PLAIN"
SSL = {
   KEY = "/ETC/PROSODY/CERTS/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.KEY";
   CERTIFICATE =
"/ETC/PROSODY/CERTS/AUTH.MEET.GIPSY-IDA01.IDA.MELANIE2.I2.CRT";
}

Hamza

···

Le 08/12/2017 13:34, > KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE (par Internet, dépôt dev-bounces@jitsi.org) a écrit :

Hi,

Hi Damian,

did you also install jitsi-meet-prosody package? If you havn't install it, it should restart prosody and then restart jicofo and it should be fixed.

Yeah I already did that but I still get the certificate error in prosody logs :

Dec 08 11:15:04 jcpd910d0 info Incoming Jabber component connection
Dec 08 11:15:04
focus.meet.gipsy-ida01.ida.melanie2.i2:component info External
component successfully authenticated
Dec 08 11:15:04 c2sf94a40 info Client disconnected: ssl handshake
error: sslv3 alert certificate unknown

Hamza

Regards
damencho

On Thu, Dec 7, 2017 at 10:53 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

Dear all,

I have an issue with connecting jicofo to prosody after updating jitsi-meet to the latest stable version (I installed every .deb package manually with dpkg -i <package_name> ).

When I start jicofo I get the following logs :

-On jicofo.log :
Jicofo 2017-12-07 17:16:02.551 AVERTISSEMENT: [222] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 19 more

- On prosody.log :
Dec 07 17:50:24 jcpf99c50 info Incoming Jabber component connection
Dec 07 17:50:24 focus.meet.gipsy-ida01.ida.melanie2.i2:component info External component successfully authenticated
Dec 07 17:50:25 c2sb11800 info Client disconnected: ssl handshake error: sslv3 alert certificate unknown
Dec 07 17:50:30 c2sdaf910 info Client connected

I have never faced this kind of errors, any help please ?

Best regards,
Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev
_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#6

The issue you mention, is trying to setup it manually. While doing normal
apt-get install, which brings all dependencies with it should not have this
problem (which is not the case with dpkg).
jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the jitsi-meet-prosody,
before that?

···

On Dec 8, 2017 07:54, "KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE" <hamza.khait@i-carre.net> wrote:

Just FYI, I noticed that other people had the same issue few days ago (
https://github.com/jitsi/jitsi-meet/issues/1899)

So I created a self-signed certificate and added it to JICOFO_AUTH_DOMAIN
virutalhost in prosody but once I restarted Prosody then Jicofo, I get the
following errors :

- prosody.log
*Dec 08 14:48:07 jcp25c9a10 info Incoming Jabber component connection*
*Dec 08 14:48:07 focus.meet.gipsy-ida01.ida.melanie2.i2:component info
External component successfully authenticated*
*Dec 08 14:48:07 c2s2099750 info Stream encrypted (TLSv1.2 with
ECDHE-RSA-AES256-GCM-SHA384)*
*Dec 08 14:48:07 c2s2099750 info Client disconnected: connection closed*

- jicofo.log
*Jicofo 2017-12-08 14:48:07.421 GRAVE: [27]
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to
connect/login: SASLError using SCRAM-SHA-1: not-authorized*
*org.jivesoftware.smack.sasl.SASLErrorException: SASLError using
SCRAM-SHA-1: not-authorized*
* at
org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:291)*
* at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1084)*
* at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)*
* at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)*
* at java.lang.Thread.run(Thread.java:745)*
*Jicofo 2017-12-08 14:48:07.429 AVERTISSEMENT: [39]
org.jivesoftware.smack.roster.Roster.processStanza() Roster not loaded
while processing Presence Stanza [id=v5wfe-5,type=error,]*

Here's the steps I followed to create the ssl certificate for JICOFO_AUTH_DOMAIN
(auth.meet.gipsy-ida01.ida.melanie2.i2)
*prosodyctl cert generate auth.meet.gipsy-ida01.ida.melanie2.i2*

*ln -sf
/var/lib/prosody/auth.meet.gipsy-ida01.ida.melanie2.i2.key /etc/prosody/certs/auth.meet.gipsy-ida01.ida.melanie2.i2.key*
* ln -sf /var/lib/prosody/auth.meet.gipsy-ida01.ida.melanie2.i2.crt
/etc/prosody/certs/auth.meet.gipsy-ida01.ida.melanie2.i2.crt*
* ln -sf /var/lib/prosody/auth.meet.gipsy-ida01.ida.melanie2.i2.crt
/usr/local/share/ca-certificates/auth.meet.gipsy-ida01.ida.melanie2.i2.crt*

*update-ca-certificates*

Then I added the SSL configuration to JICOFO_AUTH_DOMAIN virtualhost :
*VirtualHost "auth.meet.gipsy-ida01.ida.melanie2.i2"*
* authentication = "internal_plain"*
* ssl = {*
* key = "/etc/prosody/certs/auth.meet.gipsy-ida01.ida.melanie2.i2.key";*
* certificate =
"/etc/prosody/certs/auth.meet.gipsy-ida01.ida.melanie2.i2.crt";*
* }*

Hamza

Le 08/12/2017 13:34, > KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET > MESSAGERIE (par Internet, dépôt dev-bounces@jitsi.org) a écrit :

Hi,

Hi Damian,

did you also install jitsi-meet-prosody package? If you havn't install it,
it should restart prosody and then restart jicofo and it should be fixed.

Yeah I already did that but I still get the certificate error in prosody
logs :

Dec 08 11:15:04 jcpd910d0 info Incoming Jabber component connection
Dec 08 11:15:04
focus.meet.gipsy-ida01.ida.melanie2.i2:component info External
component successfully authenticated
Dec 08 11:15:04 c2sf94a40 info Client disconnected: ssl handshake
error: sslv3 alert certificate unknown

Hamza

Regards
damencho

On Thu, Dec 7, 2017 at 10:53 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE > ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

Dear all,

I have an issue with connecting jicofo to prosody after updating
jitsi-meet to the latest stable version (I installed every .deb package
manually with dpkg -i <package_name> ).

When I start jicofo I get the following logs :

-On jicofo.log :
Jicofo 2017-12-07 17:16:02.551 AVERTISSEMENT: [222] org.jivesoftware.smack.
AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection
XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(
ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(
XMPPTCPConnection.java:798)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(
XMPPTCPConnection.java:150)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(
XMPPTCPConnection.java:1055)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(
XMPPTCPConnection.java:982)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(
XMPPTCPConnection.java:998)
at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(
PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(
X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(
X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1491)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.
build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(
SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 19 more

- On prosody.log :
Dec 07 17:50:24 jcpf99c50 info Incoming Jabber component
connection
Dec 07 17:50:24 focus.meet.gipsy-ida01.ida.melanie2.i2:component
       info External component successfully authenticated
Dec 07 17:50:25 c2sb11800 info Client disconnected: ssl handshake
error: sslv3 alert certificate unknown
Dec 07 17:50:30 c2sdaf910 info Client connected

I have never faced this kind of errors, any help please ?

Best regards,
Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#7

The issue you mention, is trying to setup it manually. While doing normal apt-get install, which brings all dependencies with it should not have this problem (which is not the case with dpkg).

I used to update the packages one-by-one using "dpkg -i" and I've never seen this error.
Unless I am mistaken I think the problem is related to the domain name change. Few weeks ago, the domain name of my testing platform was "gipsy-ida01.ida.melanie2.i2" but I decided to replace it with "meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx, prosody, jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some configuration files and ssl certs are also created for the previous domain name (maybe this domain name is still stored somewhere?)... Maybe a clean install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the jitsi-meet-prosody, before that?

And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb using dpkg before that. After the update I get the errors that I mentioned previously

Hamza


#8

Yep, this can be the domain changed. In order to be able to continue
upgrading from debian packages, it is not needed only to edit the config
files, before doing that you need to reconfigure packages with the new
domain name.
If you execute: debconf-get-selections | grep jitsi you will see on some of
the properties your old domain.
Clean install will definitely fix it. Backup your /etc/jitsi, /etc/prosody
and /etc/nginx folders and then apt-get --purge remove
jitsi-meet jitsi-meet-web jitsi-meet-prosody jitsi-meet-web-config jicofo
jitsi-videobridge.
Or you can try manipulating debconf values from the command line
for jitsi-meet-prosody, jitsi-meet-web-config, jicofo, jitsi-videobridge,
but this is dangerous and can mess up everything.

···

On Fri, Dec 8, 2017 at 9:12 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

The issue you mention, is trying to setup it manually. While doing normal

apt-get install, which brings all dependencies with it should not have this
problem (which is not the case with dpkg).

I used to update the packages one-by-one using "dpkg -i" and I've never
seen this error.
Unless I am mistaken I think the problem is related to the domain name
change. Few weeks ago, the domain name of my testing platform was
"gipsy-ida01.ida.melanie2.i2" but I decided to replace it with
"meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx, prosody,
jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some
configuration files and ssl certs are also created for the previous domain
name (maybe this domain name is still stored somewhere?)... Maybe a clean
install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.

Your steps seems right, but did you try installing the
jitsi-meet-prosody, before that?

And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb using dpkg
before that. After the update I get the errors that I mentioned previously

Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#9

Hello Damian,

I removed everything and made a fresh install of Jitsi Meet, however I'm still having the certs issue between Jicofo and Prosody but with different errors. Please find attached jicofo.log and prosody.log for more information.

Here's an excerpt from jicofo log (full version attached) :

Jicofo 2017-12-11 16:03:16.707 GRAVE: [22] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to connect/login: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
  at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
  at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
  ... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
  at sun.security.validator.Validator.validate(Validator.java:260)
  at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
  ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
  at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
  ... 19 more
Jicofo 2017-12-11 16:03:16.709 AVERTISSEMENT: [29] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[not-authenticated] (0) closed with error

Regards,
Hamza

jicofo.log (62.1 KB)

prosody.log (2.52 KB)

···

Le 08/12/2017 16:29, > Damian Minkov (par Internet, dépôt dev-bounces@jitsi.org) a écrit :

Yep, this can be the domain changed. In order to be able to continue upgrading from debian packages, it is not needed only to edit the config files, before doing that you need to reconfigure packages with the new domain name.
If you execute: debconf-get-selections | grep jitsi you will see on some of the properties your old domain.
Clean install will definitely fix it. Backup your /etc/jitsi, /etc/prosody and /etc/nginx folders and then apt-get --purge remove jitsi-meet jitsi-meet-web jitsi-meet-prosody jitsi-meet-web-config jicofo jitsi-videobridge.
Or you can try manipulating debconf values from the command line for jitsi-meet-prosody, jitsi-meet-web-config, jicofo, jitsi-videobridge, but this is dangerous and can mess up everything.

On Fri, Dec 8, 2017 at 9:12 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE > ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:
The issue you mention, is trying to setup it manually. While doing normal apt-get install, which brings all dependencies with it should not have this problem (which is not the case with dpkg). I used to update the packages one-by-one using "dpkg -i" and I've never seen this error.
Unless I am mistaken I think the problem is related to the domain name change. Few weeks ago, the domain name of my testing platform was "gipsy-ida01.ida.melanie2.i2" but I decided to replace it with "meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx, prosody, jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some configuration files and ssl certs are also created for the previous domain name (maybe this domain name is still stored somewhere?)... Maybe a clean install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the jitsi-meet-prosody, before that? And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb using dpkg before that. After the update I get the errors that I mentioned previously

Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#10

And you are doing just apt-get install jitsi-meet?
Which source repository did you use stable/unstable or testing?
The version of your operating system?

···

On Tue, Dec 12, 2017 at 2:57 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

Hello Damian,

I removed everything and made a fresh install of Jitsi Meet, however I'm
still having the certs issue between Jicofo and Prosody but with different
errors. Please find attached jicofo.log and prosody.log for more
information.

Here's an excerpt from jicofo log (full version attached) :

Jicofo 2017-12-11 16:03:16.707 GRAVE: [22]
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to
connect/login: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
        ... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 19 more
Jicofo 2017-12-11 16:03:16.709 AVERTISSEMENT: [29]
org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener()
Connection XMPPTCPConnection[not-authenticated] (0) closed with error

Regards,
Hamza

Le 08/12/2017 16:29, > Damian Minkov (par Internet, dépôt > dev-bounces@jitsi.org) a écrit :

Yep, this can be the domain changed. In order to be able to continue
upgrading from debian packages, it is not needed only to edit the config
files, before doing that you need to reconfigure packages with the new
domain name.
If you execute: debconf-get-selections | grep jitsi you will see on some
of the properties your old domain.
Clean install will definitely fix it. Backup your /etc/jitsi, /etc/prosody
and /etc/nginx folders and then apt-get --purge remove jitsi-meet
jitsi-meet-web jitsi-meet-prosody jitsi-meet-web-config jicofo
jitsi-videobridge.
Or you can try manipulating debconf values from the command line for
jitsi-meet-prosody, jitsi-meet-web-config, jicofo, jitsi-videobridge, but
this is dangerous and can mess up everything.

On Fri, Dec 8, 2017 at 9:12 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE >> ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:
The issue you mention, is trying to setup it manually. While doing normal
apt-get install, which brings all dependencies with it should not have this
problem (which is not the case with dpkg). I used to update the packages
one-by-one using "dpkg -i" and I've never seen this error.
Unless I am mistaken I think the problem is related to the domain name
change. Few weeks ago, the domain name of my testing platform was
"gipsy-ida01.ida.melanie2.i2" but I decided to replace it with
"meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx, prosody,
jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some
configuration files and ssl certs are also created for the previous domain
name (maybe this domain name is still stored somewhere?)... Maybe a clean
install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the jitsi-meet-prosody,
before that? And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb
using dpkg before that. After the update I get the errors that I mentioned
previously

Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#11

Hello,

And you are doing just apt-get install jitsi-meet?

Yes I removed everything and installed jitsi-meet using apt-get install jitsi-meet

Which source repository did you use stable/unstable or testing?

the stable one : https://download.jitsi.org stable/

The version of your operating system?

Debian Jessie 8.6

Regards,
Hamza

···

On Tue, Dec 12, 2017 at 2:57 AM, KHAIT Hamza - > SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE > <hamza.khait@i-carre.net> wrote:

Hello Damian,

I removed everything and made a fresh install of Jitsi Meet, however I'm
still having the certs issue between Jicofo and Prosody but with different
errors. Please find attached jicofo.log and prosody.log for more
information.

Here's an excerpt from jicofo log (full version attached) :

Jicofo 2017-12-11 16:03:16.707 GRAVE: [22]
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to
connect/login: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
        at
org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
        ... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 19 more
Jicofo 2017-12-11 16:03:16.709 AVERTISSEMENT: [29]
org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener()
Connection XMPPTCPConnection[not-authenticated] (0) closed with error

Regards,
Hamza

Le 08/12/2017 16:29, > Damian Minkov (par Internet, dépôt >> dev-bounces@jitsi.org) a écrit :

Yep, this can be the domain changed. In order to be able to continue
upgrading from debian packages, it is not needed only to edit the config
files, before doing that you need to reconfigure packages with the new
domain name.
If you execute: debconf-get-selections | grep jitsi you will see on some
of the properties your old domain.
Clean install will definitely fix it. Backup your /etc/jitsi, /etc/prosody
and /etc/nginx folders and then apt-get --purge remove jitsi-meet
jitsi-meet-web jitsi-meet-prosody jitsi-meet-web-config jicofo
jitsi-videobridge.
Or you can try manipulating debconf values from the command line for
jitsi-meet-prosody, jitsi-meet-web-config, jicofo, jitsi-videobridge, but
this is dangerous and can mess up everything.

On Fri, Dec 8, 2017 at 9:12 AM, KHAIT Hamza - >>> SG/SPSSI/CPII/DOSE/ET/PNE >>> ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:
The issue you mention, is trying to setup it manually. While doing normal
apt-get install, which brings all dependencies with it should not have this
problem (which is not the case with dpkg). I used to update the packages
one-by-one using "dpkg -i" and I've never seen this error.
Unless I am mistaken I think the problem is related to the domain name
change. Few weeks ago, the domain name of my testing platform was
"gipsy-ida01.ida.melanie2.i2" but I decided to replace it with
"meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx, prosody,
jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some
configuration files and ssl certs are also created for the previous domain
name (maybe this domain name is still stored somewhere?)... Maybe a clean
install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the jitsi-meet-prosody,
before that? And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb
using dpkg before that. After the update I get the errors that I mentioned
previously

Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#12

Hi,

Hum maybe when removing the old auth cert stays in
/etc/prosody/certs/. If that happens it can mess up on a new install.

Check your prosody config /etc/prosody/conf.d/your_domain.cfg.lua
Does the auth virtual host looks like this:
https://github.com/jitsi/jitsi-meet/blob/master/doc/example-config-files/prosody.cfg.lua.example#L184
If not, update it to look like that and make sure that you put the
files from /etc/prosody/certs/ or /var/lib/prosody/ for your
auth.domain. After update restart prosody and wait a bit jicofo and
jvb to reconnect or restart them in this order jvb, jicofo.

Regards
damencho

···

On Tue, Dec 12, 2017 at 9:08 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:

Hello,

And you are doing just apt-get install jitsi-meet?

Yes I removed everything and installed jitsi-meet using apt-get install
jitsi-meet

Which source repository did you use stable/unstable or testing?

the stable one : https://download.jitsi.org stable/

The version of your operating system?

Debian Jessie 8.6

Regards,
Hamza

On Tue, Dec 12, 2017 at 2:57 AM, KHAIT Hamza - >> SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE >> <hamza.khait@i-carre.net> wrote:

Hello Damian,

I removed everything and made a fresh install of Jitsi Meet, however I'm
still having the certs issue between Jicofo and Prosody but with
different
errors. Please find attached jicofo.log and prosody.log for more
information.

Here's an excerpt from jicofo log (full version attached) :

Jicofo 2017-12-11 16:03:16.707 GRAVE: [22]
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to
connect/login: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target
org.jivesoftware.smack.SmackException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at

sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at

sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at
sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at

sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
        ... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at

sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at

sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at

sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at

sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at

sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at

sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at

sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 19 more
Jicofo 2017-12-11 16:03:16.709 AVERTISSEMENT: [29]

org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener()
Connection XMPPTCPConnection[not-authenticated] (0) closed with error

Regards,
Hamza

Le 08/12/2017 16:29, > Damian Minkov (par Internet, dépôt >>> dev-bounces@jitsi.org) a écrit :

Yep, this can be the domain changed. In order to be able to continue
upgrading from debian packages, it is not needed only to edit the config
files, before doing that you need to reconfigure packages with the new
domain name.
If you execute: debconf-get-selections | grep jitsi you will see on some
of the properties your old domain.
Clean install will definitely fix it. Backup your /etc/jitsi,
/etc/prosody
and /etc/nginx folders and then apt-get --purge remove jitsi-meet
jitsi-meet-web jitsi-meet-prosody jitsi-meet-web-config jicofo
jitsi-videobridge.
Or you can try manipulating debconf values from the command line for
jitsi-meet-prosody, jitsi-meet-web-config, jicofo, jitsi-videobridge,
but
this is dangerous and can mess up everything.

On Fri, Dec 8, 2017 at 9:12 AM, KHAIT Hamza - SG/SPSSI/CPII/DOSE/ET/PNE >>>> ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:
The issue you mention, is trying to setup it manually. While doing
normal
apt-get install, which brings all dependencies with it should not have
this
problem (which is not the case with dpkg). I used to update the packages
one-by-one using "dpkg -i" and I've never seen this error.
Unless I am mistaken I think the problem is related to the domain name
change. Few weeks ago, the domain name of my testing platform was
"gipsy-ida01.ida.melanie2.i2" but I decided to replace it with
"meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx,
prosody,
jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some
configuration files and ssl certs are also created for the previous
domain
name (maybe this domain name is still stored somewhere?)... Maybe a
clean
install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the
jitsi-meet-prosody,
before that? And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb
using dpkg before that. After the update I get the errors that I
mentioned
previously

Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#13

Hello,

I solved my issue.
the problem was with Java Keystore. I reinstalled JRE and added the generated certificate for auth.domain manually to the JKS using the following cmd line :
keytool -import -noprompt -trustcacerts -alias <AliasName> -file <certificate> -keystore <KeystoreFile> -storepass <Password>

Thanks for your help and advice

Kind regards
Hamza

···

Le 12/12/2017 16:25, > Damian Minkov (par Internet, dépôt damencho@damencho.com) a écrit :

Hi,

Hum maybe when removing the old auth cert stays in
/etc/prosody/certs/. If that happens it can mess up on a new install.

Check your prosody config /etc/prosody/conf.d/your_domain.cfg.lua
Does the auth virtual host looks like this:
https://github.com/jitsi/jitsi-meet/blob/master/doc/example-config-files/prosody.cfg.lua.example#L184
If not, update it to look like that and make sure that you put the
files from /etc/prosody/certs/ or /var/lib/prosody/ for your
auth.domain. After update restart prosody and wait a bit jicofo and
jvb to reconnect or restart them in this order jvb, jicofo.

Regards
damencho

On Tue, Dec 12, 2017 at 9:08 AM, KHAIT Hamza - > SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE > <hamza.khait@i-carre.net> wrote:

Hello,

And you are doing just apt-get install jitsi-meet?

Yes I removed everything and installed jitsi-meet using apt-get install
jitsi-meet

Which source repository did you use stable/unstable or testing?

the stable one : https://download.jitsi.org stable/

The version of your operating system?

Debian Jessie 8.6

Regards,
Hamza

On Tue, Dec 12, 2017 at 2:57 AM, KHAIT Hamza - >>> SG/SPSSI/CPII/DOSE/ET/PNE ANNUAIRE ET MESSAGERIE >>> <hamza.khait@i-carre.net> wrote:

Hello Damian,

I removed everything and made a fresh install of Jitsi Meet, however I'm
still having the certs issue between Jicofo and Prosody but with
different
errors. Please find attached jicofo.log and prosody.log for more
information.

Here's an excerpt from jicofo log (full version attached) :

Jicofo 2017-12-11 16:03:16.707 GRAVE: [22]
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to
connect/login: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target
org.jivesoftware.smack.SmackException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1060)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:982)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:998)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at

sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
        at

sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at
sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
        at

sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:798)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:150)
        at

org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1055)
        ... 3 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at

sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at

sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
        at

sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at

sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
        at

sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
        ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at

sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at

sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
        ... 19 more
Jicofo 2017-12-11 16:03:16.709 AVERTISSEMENT: [29]

org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener()
Connection XMPPTCPConnection[not-authenticated] (0) closed with error

Regards,
Hamza

Le 08/12/2017 16:29, > Damian Minkov (par Internet, dépôt >>>> dev-bounces@jitsi.org) a écrit :

Yep, this can be the domain changed. In order to be able to continue
upgrading from debian packages, it is not needed only to edit the config
files, before doing that you need to reconfigure packages with the new
domain name.
If you execute: debconf-get-selections | grep jitsi you will see on some
of the properties your old domain.
Clean install will definitely fix it. Backup your /etc/jitsi,
/etc/prosody
and /etc/nginx folders and then apt-get --purge remove jitsi-meet
jitsi-meet-web jitsi-meet-prosody jitsi-meet-web-config jicofo
jitsi-videobridge.
Or you can try manipulating debconf values from the command line for
jitsi-meet-prosody, jitsi-meet-web-config, jicofo, jitsi-videobridge,
but
this is dangerous and can mess up everything.

On Fri, Dec 8, 2017 at 9:12 AM, KHAIT Hamza - >>>>> SG/SPSSI/CPII/DOSE/ET/PNE >>>>> ANNUAIRE ET MESSAGERIE <hamza.khait@i-carre.net> wrote:
The issue you mention, is trying to setup it manually. While doing
normal
apt-get install, which brings all dependencies with it should not have
this
problem (which is not the case with dpkg). I used to update the packages
one-by-one using "dpkg -i" and I've never seen this error.
Unless I am mistaken I think the problem is related to the domain name
change. Few weeks ago, the domain name of my testing platform was
"gipsy-ida01.ida.melanie2.i2" but I decided to replace it with
"meet.gipsy-ida01.ida.melanie2.i2". I made this change in nginx,
prosody,
jvb, jicofo and meet configuration files under /etc/

Now, when I update the packages using dpkg, I notice that somehow some
configuration files and ssl certs are also created for the previous
domain
name (maybe this domain name is still stored somewhere?)... Maybe a
clean
install from scratch should solve the problem.

jitsi-meet-prosody package should take care of it.
Your steps seems right, but did you try installing the
jitsi-meet-prosody,
before that? And Yes I did install jitsi-meet-prosody_1.0.2441-1_all.deb
using dpkg before that. After the update I get the errors that I
mentioned
previously

Hamza

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev