I have signed certificate for robkalmeijer.nl but prosody shows errors and only Monal on the ipad can login with TLS.
[root@server3 prosody]# service prosody restart
Stoppen van Prosody XMPP (Jabber) server: [ OK ]
Starten van Prosody XMPP (Jabber) server: [ OK ]
cat prosody.log
Apr 06 18:45:47 mod_posix warn Received SIGTERM
Apr 06 18:45:47 startup info Shutting down: Received SIGTERM
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 general info Shutting down...
Apr 06 18:45:47 general info Shutdown status: Cleaning up
Apr 06 18:45:47 general info Shutdown complete
Apr 06 18:45:48 startup info Hello and welcome to Prosody version 0.11.2
Apr 06 18:45:48 stats debug Statistics disabled
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for client_https...
Apr 06 18:45:48 certmanager debug No certificate/key found for client_https
Apr 06 18:45:48 startup info Prosody is using the select backend for connection handling
Apr 06 18:45:48 hostmanager debug Activated host: robkalmeijer.nl
Apr 06 18:45:48 usermanager debug Host 'robkalmeijer.nl' now set to use user provider 'internal_hashed'
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for nl
Apr 06 18:45:48 storagemanager debug map storage driver unavailable, using shim on top of keyval store.
Apr 06 18:45:48 portmanager debug No active service for c2s, activating...
Apr 06 18:45:49 socket debug server.lua: new server listener on '[::]:5222'
Apr 06 18:45:49 portmanager debug Added listening service c2s to [::]:5222
Apr 06 18:45:49 socket debug server.lua: new server listener on '[*]:5222'
Apr 06 18:45:49 portmanager debug Added listening service c2s to [*]:5222
Apr 06 18:45:49 portmanager info Activated service 'c2s' on [::]:5222, [*]:5222
Apr 06 18:45:49 portmanager debug No active service for legacy_ssl, activating...
Apr 06 18:45:49 portmanager info Activated service 'legacy_ssl' on no ports
Apr 06 18:45:49 portmanager debug No active service for s2s, activating...
Apr 06 18:45:49 socket debug server.lua: new server listener on '[::]:5269'
Apr 06 18:45:49 portmanager debug Added listening service s2s to [::]:5269
Apr 06 18:45:49 socket debug server.lua: new server listener on '[*]:5269'
Apr 06 18:45:49 portmanager debug Added listening service s2s to [*]:5269
Apr 06 18:45:49 portmanager info Activated service 's2s' on [::]:5269, [*]:5269
Apr 06 18:45:49 mod_posix info Prosody is about to detach from the console, disabling further console output
Apr 06 18:45:49 mod_posix info Successfully daemonized to PID 22485
Apr 06 18:45:49 storagemanager debug map storage driver unavailable, using shim on top of keyval store.
Apr 06 18:45:49 modulemanager debug pep is already loaded for robkalmeijer.nl, so not loading again
[root@server3 conf.d]# cat robkalmeijer.cfg.lua
-- Section for VirtualHost robkalmeijer.nl
VirtualHost "robkalmeijer.nl"
-- Prosody will automatically search for a certificate and key
-- in /etc/prosody/certs/ unless a path is manually specified
-- in the config file, see https://prosody.im/doc/certificates
ssl = {
key = "/etc/pki/tls/private/robkalmeijer.nl.key";
certificate = "/etc/pki/tls/certs/robkalmeijer.nl.crt";
capath = "/etc/pki/tls/certs";
}
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components
---Set up a MUC (multi-user chat) room server on conference.robkalmeijer.nl:
--Component "conference.robkalmeijer.nl" "muc"
--- Store MUC messages in an archive and allow users to access it
--modules_enabled = { "muc_mam" }
-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.robkalmeijer.nl" "proxy65"
---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#addin ... _component
--
--Component "gateway.robkalmeijer.nl"
-- component_secret = "password"
[root@server3 certs]# ll
totaal 1184
-rw-r--r--. 1 root root 754217 feb 28 2018 ca-bundle.crt
-rw-r--r--. 1 root root 418126 feb 28 2018 ca-bundle.trust.crt
-rw-r--r--. 1 root root 5165 feb 14 16:42 fullchain.pem
-rw-r--r--. 1 root root 1720 sep 4 2018 intermediateCA.crt
-rwxr-xr-x. 1 root root 610 mrt 22 2017 make-dummy-cert
-rw-r--r--. 1 root root 2242 mrt 22 2017 Makefile
-rwxr-xr-x. 1 root root 829 mrt 22 2017 renew-dummy-cert
-rw-r--r--. 1 root root 2131 aug 29 2018 robkalmeijer.nl.crt
-rw-r--r--. 1 root root 1314 sep 4 2018 rootCA.crt
Any suggestions? The prosody site is a dead and, no replies
prosody not accepting my ssl certificates
-
- Posts: 37
- Joined: 2012/03/27 00:15:55
- Contact:
Re: prosody not accepting my ssl certificates
That says it's searching /etc/pki/tls/certs for the key and the cert but your key is not in there, it's in a different directory.Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 37
- Joined: 2012/03/27 00:15:55
- Contact:
Re: prosody not accepting my ssl certificates
I checked the paths many times and its should working.
Is I noted one client can connect with TLS, so thats makes strange.
Is I noted one client can connect with TLS, so thats makes strange.
-
- Posts: 37
- Joined: 2012/03/27 00:15:55
- Contact:
Re: prosody not accepting my ssl certificates
I created after receiving an renewal of the crt an new fullchain.
The earlier root CA was not correct. Now may problem disappeared.
The earlier root CA was not correct. Now may problem disappeared.