[jitsi-users] Jitsi can't verify the identity of the jit.si server


#1

Hello everyone,

since a few days ago, I am receiving the following every time I login to the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].

The certificate is not trusted, which means that the server's identity
cannot be automatically verified.

Do you want to continue connecting?
For more information, click "Show Certificate".

This didn't happen only the first time after the certificate was changed, it keeps happening ever since.

Is it worrying? How do I solve this?

Thanks in advance,
John


#2

since a few days ago, I am receiving the following every time I login to
the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].

The certificate is not trusted, which means that the server's identity
cannot be automatically verified.

Do you want to continue connecting?
For more information, click "Show Certificate".

This didn't happen only the first time after the certificate was
changed, it keeps happening ever since.

Is it worrying? How do I solve this?

Probably not, but you might want to check if the SHA1-thumbprint in the
dialog is 26c631b7ca3c2b8383dbe13226010443622c13bb.

What OS and Jitsi version are you running? If you're on Linux, which
Java/JRE/OpenJDK version?

Thanks in advance,
John

Ingo


#3

Today I am getting the same error message, see attachment. I think it
must have been the same issue that one of our supporters reported to us
yesterday. I note that the SHA1 matches, so this should be safe to
ignore, right?

Interestingly, I have not chosen to ignore the message yet, but now I am
suddenly able to log in anyway. No certificate error this time.

This test was on Windows 7 with Jitsi 2.4.4997.

···

---
Kind regards
Anders
www.PrivacyDefence.org

Public key:
www.privacydefence.org/?page_id=69

On 09-11-2014 12:21, Ingo Bauersachs wrote:

since a few days ago, I am receiving the following every time I login to
the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].

The certificate is not trusted, which means that the server's identity
cannot be automatically verified.

Do you want to continue connecting?
For more information, click "Show Certificate".

This didn't happen only the first time after the certificate was
changed, it keeps happening ever since.

Is it worrying? How do I solve this?

Probably not, but you might want to check if the SHA1-thumbprint in the
dialog is 26c631b7ca3c2b8383dbe13226010443622c13bb.

What OS and Jitsi version are you running? If you're on Linux, which
Java/JRE/OpenJDK version?

Thanks in advance,
John

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

The SHA1 thumbprint matches. I run Windows 7 (x64) and Jitsi 2.4.4997. I use ffox, so I visited jitsi.org with IE, just so it fetches the SSL certificate which is issued by GoDaddy, but I still get the message when logging in in Jitsi.

Regards

···

On Κυρ 09 Νοε 2014 13:21, Ingo Bauersachs wrote:

since a few days ago, I am receiving the following every time I login to
the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].

The certificate is not trusted, which means that the server's identity
cannot be automatically verified.

Do you want to continue connecting?
For more information, click "Show Certificate".

This didn't happen only the first time after the certificate was
changed, it keeps happening ever since.

Is it worrying? How do I solve this?

Probably not, but you might want to check if the SHA1-thumbprint in the
dialog is 26c631b7ca3c2b8383dbe13226010443622c13bb.

What OS and Jitsi version are you running? If you're on Linux, which
Java/JRE/OpenJDK version?

Thanks in advance,
John

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#5

Hi everyone,

I have the same issue with the jit.si service, but with pidgin client on
archlinux. The error that pidgin gives is:

"Unable to validate certificate
The certificate for jit.si could not be validated. The certificate chain
presented is invalid.
SSL peer presented an invalid certificate"

Any hints would be greatly appreciated.

Regards,
Asen


#6

Same issue with Xabber on CyanogenMod 11.

Regards
pakito

- --
PGP/GPG Key 0x840759B0 on hkp://pool.sks-keyservers.net
Fingerprint CE77 230D E55B C49C BDCD BCEF 66FD 3C46 8407 59B0

···

On 09.11.2014 11:25, "ReD-TeK Co � Web Development Dpt." wrote:

since a few days ago, I am receiving the following every time I
login to the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].


#7

Today I am getting the same error message, see attachment. I think it
must have been the same issue that one of our supporters reported to us
yesterday. I note that the SHA1 matches, so this should be safe to
ignore, right?

Yes.

Interestingly, I have not chosen to ignore the message yet, but now I am
suddenly able to log in anyway. No certificate error this time.

This test was on Windows 7 with Jitsi 2.4.4997.

Unless this was a fairly new install and you've never visited an SSL website
with IE or Chrome that had its certificate from GoDaddy, this shouldn't
happen.

Ingo


#8

The SHA1 thumbprint matches. I run Windows 7 (x64) and Jitsi 2.4.4997. I
use ffox, so I visited jitsi.org with IE, just so it fetches the SSL

jitsi.org and jit.si use different certificates from different GoDaddy root CAs. Please try to give https://jit.si a visit.

certificate which is issued by GoDaddy, but I still get the message when
logging in in Jitsi.

Regards

Ingo


#9

Yup, now it didn't show that certificate dialog :slight_smile:

···

On Κυρ 09 Νοε 2014 19:11, Ingo Bauersachs wrote:

The SHA1 thumbprint matches. I run Windows 7 (x64) and Jitsi 2.4.4997. I
use ffox, so I visited jitsi.org with IE, just so it fetches the SSL

jitsi.org and jit.si use different certificates from different GoDaddy root CAs. Please try to give https://jit.si a visit.

certificate which is issued by GoDaddy, but I still get the message when
logging in in Jitsi.

Regards

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#10

Just to let everyone know, we are aware of this and we are debugging the
issue.
We had a certificate change on Nov 7, the new certificate is installed but
there are some problems with the certificate chain for sha-2 certificates
from godaddy and java. The effect is on xmpp server on jit.si only, not the
web server there. I'll keep you posted.

···

On Mon, Nov 10, 2014 at 2:20 AM, debian <allmymaillists@gmail.com> wrote:

I have the same issue with the jit.si service, but with pidgin client

--
Yasen Pramatarov
sysadmin, https://jitsi.org


#11

The problem is with JRE not with jitsi client.

···

On 2014-11-12 11:04, Yasen Pramatarov wrote:

Just to let everyone know, we are aware of this and we are debugging
the issue.
We had a certificate change on Nov 7, the new certificate is
installed but there are some problems with the certificate chain for
sha-2 certificates from godaddy and java. The effect is on xmpp server
on jit.si [1] only, not the web server there. I'll keep you posted.