[jitsi-users] certificate is not trusted


#1

I'm getting the following error on Jitsi on Ubuntu[1] on AMD64, but not
Jitsi on OS X:

  Jitsi can't verify the identity of the server when
  connecting to [sip2sip.info]. The certificate is not
  trusted, which means that the server's identity cannot
  be automatically verified. Do you want to continue
  connecting? For more information, click "Show
  Certificate".

The problem only started today, it worked fine yesterday. What's the
right way to eliminate the problem?

I also just tried the nightly build of Jitsi
(jitsi_2.1.4518.10586-1_amd64.deb) and get the same error. I have also
tried removing the .jitsi directory to see if it was a configuration
issue, that had no effect either.

Regards,
/Lars

[1] $ apt-cache policy jitsi
jitsi:
Installed: 2.0.4506.10553-1
Candidate: 2.0.4506.10553-1


#2

It means that the certificate used to build an encrypted connection to sip2sip.info is not trusted by a certificate authority you trust.
Maybee the Certificate is not valid anymore (check the expiration time).

If the Certificate changed form yesterday to today you are in big trouble because someone might be trying to pull a man in the midle-attack on you.

Be carefull

···

--
Yannik V�lker


#3

I'm still getting the error below on version 2.1.4579.10796 of Jitsi for
Ubuntu AMD64 when it tries to connect to a sip2sip.info account:

   Jitsi can't verify the identity of the server when
   connecting to [sip2sip.info]. The certificate is not
   trusted, which means that the server's identity cannot
   be automatically verified. Do you want to continue
   connecting? For more information, click "Show
   Certificate".

Can it be that a certificate is missing from the build?

  $ apt-cache policy jitsi
  jitsi:
    Installed: 2.1.4579.10796-1

Regards,
/Lars
.

···

On 12.03.2013 10:19, Yannik Völker wrote:

It means that the certificate used to build an encrypted connection to
sip2sip.info is not trusted by a certificate authority you trust.
Maybee the Certificate is not valid anymore (check the expiration time).

If the Certificate changed form yesterday to today you are in big
trouble because someone might be trying to pull a man in the
midle-attack on you.

Be carefull


#4

Jitsi does not ship with CA keys so no, this is not a build related
problem. As Ingo already explained: this may be a matter of a missing cert
in the java store on Linux.

Also, did you compare the fingerprint with the one Ingo showed to you?

Emil

--sent from my mobile

···

On Apr 20, 2013 8:41 PM, "Lars Noodén" <lars.nooden@gmail.com> wrote:

On 12.03.2013 10:19, Yannik Völker wrote:
> It means that the certificate used to build an encrypted connection to
> sip2sip.info is not trusted by a certificate authority you trust.
> Maybee the Certificate is not valid anymore (check the expiration time).
>
> If the Certificate changed form yesterday to today you are in big
> trouble because someone might be trying to pull a man in the
> midle-attack on you.
>
> Be carefull

I'm still getting the error below on version 2.1.4579.10796 of Jitsi for
Ubuntu AMD64 when it tries to connect to a sip2sip.info account:

        Jitsi can't verify the identity of the server when
        connecting to [sip2sip.info]. The certificate is not
        trusted, which means that the server's identity cannot
        be automatically verified. Do you want to continue
        connecting? For more information, click "Show
        Certificate".

Can it be that a certificate is missing from the build?

        $ apt-cache policy jitsi
        jitsi:
          Installed: 2.1.4579.10796-1

Regards,
/Lars


#5

Thanks. I'm not seeing a mail in this thread from Ingo nor in the list
archives.

regards,
/Lars
.

···

On Sun, 21 Apr 2013, Emil Ivov wrote:

Jitsi does not ship with CA keys so no, this is not a build related problem. As
Ingo already explained: this may be a matter of a missing cert in the java store
on Linux.

Also, did you compare the fingerprint with the one Ingo showed to you?

Emil


#6

You initially cross posted on dev and users. Ingo replied on dev, which is
probably why you've missed it. (A demonstration of the very reason why we
should avoiding cross posting :wink: )

--sent from my mobile

···

On Apr 21, 2013 1:04 PM, "Lars Nooden" <lars.nooden@gmail.com> wrote:

On Sun, 21 Apr 2013, Emil Ivov wrote:
> Jitsi does not ship with CA keys so no, this is not a build related
problem. As
> Ingo already explained: this may be a matter of a missing cert in the
java store
> on Linux.
>
> Also, did you compare the fingerprint with the one Ingo showed to you?
>
> Emil

Thanks. I'm not seeing a mail in this thread from Ingo nor in the list
archives.

regards,
/Lars


#7

Sorry. The cross-posting was unintentional.

Looking at the dev- archive, I see Ingo's response. The certificate
fingerprint and cert issuer he responed with both match what I am getting
served when I start Jitsi. So his explanation about truststores is
probably right.

Regards,
/Lars

···

On Sun, 21 Apr 2013, Emil Ivov wrote:

You initially cross posted on dev and users. Ingo replied on dev, which is
probably why you've missed it. (A demonstration of the very reason why we should
avoiding cross posting :wink: )