
self-signed cert #2607

@ghost

Description

What version of ejabberd are you using?

18.06-3

What operating system (version) are you using?

Archlinux 4.18.8.a-1-hardened

How did you install ejabberd (source, package, distribution)?

package

What did not work as expected? Are there error messages in the log? What
was the unexpected behavior? What was the expected result?

I generated a self-signed cert for my onion domain:

openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj /CN=b7sssd27ldcy27fj.onion,*.b7sssd27ldcy27fj.onion

But ejabberd does not accept it.
How do I fix this problem?

  • [warning] <0.366.0>@ejabberd_pkix:validate:615 Failed to validate certificate from /etc/ejabberd/cert.pem: self-signed certificate
  • [warning] <0.366.0>@ejabberd_pkix:handle_call:259 No certificate found matching 'b7sssd27ldcy27fj.onion': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
  • [info] <0.343.0>@gen_mod:start_modules:130 Loading modules for b7sssd27ldcy27fj.onion
  • [warning] <0.343.0>@gen_mod:sort_modules:155 Module 'mod_mam' is recommended for module 'mod_muc' but is not found in the config
  • [warning] <0.366.0>@ejabberd_pkix:handle_call:259 No certificate found matching 'conference.b7sssd27ldcy27fj.onion': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
  • [warning] <0.366.0>@ejabberd_pkix:handle_call:259 No certificate found matching 'pubsub.b7sssd27ldcy27fj.onion': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
  • [warning] <0.366.0>@ejabberd_pkix:handle_call:259 No certificate found matching 'echo.b7sssd27ldcy27fj.onion': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
  • [info] <0.374.0>@ejabberd_listener:accept:272 (<0.523.0>) Accepted connection 127.0.0.1:46196 -> 127.0.0.1:5222
    [warning] <0.523.0>@ejabberd_c2s:process_terminated:289 (tls|<0.523.0>) Failed to secure c2s connection: TLS failed: client renegotiations forbidden
