[jitsi-users] Jitsi can't verify the identity of the jit.si server

Hello everyone,

since a few days ago, I am receiving the following every time I login to the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].

The certificate is not trusted, which means that the server's identity
cannot be automatically verified.

Do you want to continue connecting?
For more information, click "Show Certificate".

This didn't happen only the first time after the certificate was changed, it keeps happening ever since.

Is it worrying? How do I solve this?

Thanks in advance,
John

since a few days ago, I am receiving the following every time I login to
the jit.si server:

Jitsi can't verify the identity of the server when connecting to
[jit.si, _xmpp-client.jit.si].

The certificate is not trusted, which means that the server's identity
cannot be automatically verified.

Do you want to continue connecting?
For more information, click "Show Certificate".

This didn't happen only the first time after the certificate was
changed, it keeps happening ever since.

Is it worrying? How do I solve this?

Probably not, but you might want to check if the SHA1-thumbprint in the
dialog is 26c631b7ca3c2b8383dbe13226010443622c13bb.

What OS and Jitsi version are you running? If you're on Linux, which
Java/JRE/OpenJDK version?

Thanks in advance,
John

Ingo

Today I am getting the same error message, see attachment. I think it
must have been the same issue that one of our supporters reported to us
yesterday. I note that the SHA1 matches, so this should be safe to
ignore, right?

Interestingly, I have not chosen to ignore the message yet, but now I am
suddenly able to log in anyway. No certificate error this time.

This test was on Windows 7 with Jitsi 2.4.4997.

The SHA1 thumbprint matches. I run Windows 7 (x64) and Jitsi 2.4.4997. I use ffox, so I visited jitsi.org with IE, just so it fetches the SSL certificate which is issued by GoDaddy, but I still get the message when logging in in Jitsi.

Regards

Hi everyone,

I have the same issue with the jit.si service, but with pidgin client on
archlinux. The error that pidgin gives is:

"Unable to validate certificate
The certificate for jit.si could not be validated. The certificate chain
presented is invalid.
SSL peer presented an invalid certificate"

Any hints would be greatly appreciated.

Regards,
Asen

Same issue with Xabber on CyanogenMod 11.

Regards
pakito

- --
PGP/GPG Key 0x840759B0 on hkp://pool.sks-keyservers.net
Fingerprint CE77 230D E55B C49C BDCD BCEF 66FD 3C46 8407 59B0

Today I am getting the same error message, see attachment. I think it
must have been the same issue that one of our supporters reported to us
yesterday. I note that the SHA1 matches, so this should be safe to
ignore, right?

Yes.

Interestingly, I have not chosen to ignore the message yet, but now I am
suddenly able to log in anyway. No certificate error this time.

This test was on Windows 7 with Jitsi 2.4.4997.

Unless this was a fairly new install and you've never visited an SSL website
with IE or Chrome that had its certificate from GoDaddy, this shouldn't
happen.

Ingo

The SHA1 thumbprint matches. I run Windows 7 (x64) and Jitsi 2.4.4997. I
use ffox, so I visited jitsi.org with IE, just so it fetches the SSL

jitsi.org and jit.si use different certificates from different GoDaddy root CAs. Please try to give https://jit.si a visit.

certificate which is issued by GoDaddy, but I still get the message when
logging in in Jitsi.

Regards

Ingo

Yup, now it didn't show that certificate dialog

Just to let everyone know, we are aware of this and we are debugging the
issue.
We had a certificate change on Nov 7, the new certificate is installed but
there are some problems with the certificate chain for sha-2 certificates
from godaddy and java. The effect is on xmpp server on jit.si only, not the
web server there. I'll keep you posted.

The problem is with JRE not with jitsi client.