trouble setting up certificate

Submitted by justin on Sun, 2010-01-24 22:46

Hi,

TLS was working out of the box but with a dummy certificate. So I tried to install a real certificate by following the instructions here:

http://www.tigase.org/content/creating-and-loading-server-certificate-pe...

I'm using a startcom cert, and I created the concatenated PEM file in this order: domain cert, domain key, startcom intermediate cert, startcom root cert.

Now when I start the server, it no longer works (connection refused) and I see this in the log:

2010-01-24 21:35:58 ThreadExceptionHandler.uncaughtException() SEVERE: Uncaught thread: "main" exceptionjava.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider

I tried installing Bouncy Castle but then got different errors. I talked to another Tigase user and he said he did not have to install Bouncy Castle, so I think something is fishy. Any idea what the problem is?

Thanks

Artur Hefczyc:

Ah, yes, indeed, there are no third-party libraries in the tar.gz, but I think I can relax this restriction in the next releases.

Ah, I just used the .tar.gz

Artur Hefczyc:

I have just installed Tigase from the Tigase installer and bcprov has been installed with default settings.

By the way, I should have mentioned: bcprov is still not provided even in the latest beta (2135). But if I use the file you attached here, then the server works.

Artur Hefczyc:

Thank you very much for the hint. I will ask Bartek to update the doc. We have also started to work on better/easier support for certificates, with some UI for managing them. This should solve this kind of issue in the future.

Ah hah, it seems that Tigase does not support PKCS#8 keys. This is the universal container format for private keys, which uses "-----BEGIN PRIVATE KEY-----".

I've converted the key to the RSA-specific format, which uses "-----BEGIN RSA PRIVATE KEY-----", and now it works!

By the way, here is how to convert with the 'openssl' tool:

openssl rsa -in private_key.pem > private_key_rsa.pem

bmalkow:

Stupid question: maybe you put in an encrypted private key???

The file with keys and certificates should look like this:
-----BEGIN CERTIFICATE-----
MIIG/TCCBeWgAwIBAgIDAOwZMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
.
.
.
pSLqw/PmSLSmUNIr8yQnhy4=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
WW91J3JlIGtpZGRpbmchISEKSSBkb24ndCBzaG93IHlvdSBvdXIgcHJpdmF0ZSBr
.
.
.
ZXkhISEhCkNyZWF0ZSB5b3VyIG93biA7KSA7KSA7KQo=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
.
.
.
xV/stleh
-----END CERTIFICATE-----
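
The two failure modes discussed above (a PKCS#8 "BEGIN PRIVATE KEY" block that the server would not load, and bmalkow's suspicion of a passphrase-encrypted key) can be caught before the server is restarted. The following is an added example, not Tigase code and not from any poster in this thread. It lints a concatenated PEM bundle for those two problems and for the layout shown (server certificate first, exactly one key), and it performs in pure Python what `openssl rsa -in private_key.pem` does for an unencrypted PKCS#8 RSA key: a PKCS#8 PrivateKeyInfo is a version, an algorithm identifier and an OCTET STRING whose contents are the PKCS#1 RSAPrivateKey, so the conversion is a DER unwrap plus a relabel. The function names are mine, and the sample key is constructed from tiny integers so it is not a usable key.

```python
# Added example: PEM bundle linter and PKCS#8 -> PKCS#1 RSA key unwrap. Not Tigase code.
import base64
import re
import textwrap

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, OID 1.2.840.113549.1.1.1
PEM_BLOCK = r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----"


def parse_pem(text):
    """Return [(label, headers, der)] for every PEM block, in file order.
    'headers' keeps RFC 1421 lines such as 'Proc-Type: 4,ENCRYPTED' that a
    legacy passphrase-protected key carries before its base64 body."""
    blocks = []
    for m in re.finditer(PEM_BLOCK, text, re.S):
        label, body = m.group(1), m.group(2)
        headers = [l for l in body.splitlines() if ":" in l]      # base64 never contains ':'
        b64 = "".join(l for l in body.splitlines() if ":" not in l and l.strip())
        blocks.append((label, headers, base64.b64decode(b64)))
    return blocks


def der_read(buf, pos=0):
    """Decode one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_write(tag, value):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def pkcs8_to_pkcs1(der):
    """Unwrap an unencrypted PKCS#8 PrivateKeyInfo to the PKCS#1 RSAPrivateKey it contains.
    PrivateKeyInfo ::= SEQUENCE { version INTEGER(0), algorithm SEQUENCE { OID, params },
                                  privateKey OCTET STRING }  -- the OCTET STRING *is* PKCS#1."""
    tag, info, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("PrivateKeyInfo must be a SEQUENCE")
    tag, version, pos = der_read(info)
    if tag != 0x02 or version != b"\x00":
        raise ValueError("unsupported PrivateKeyInfo version")
    tag, alg, pos = der_read(info, pos)
    oid_tag, oid, _ = der_read(alg)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key; only RSA keys become 'RSA PRIVATE KEY'")
    tag, key, _ = der_read(info, pos)
    if tag != 0x04:
        raise ValueError("privateKey must be an OCTET STRING")
    return key


def to_pem(label, der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def lint_bundle(text):
    """List the problems a PEM-reading server (like the one in the thread) would trip over."""
    blocks = parse_pem(text)
    problems = []
    if not blocks or blocks[0][0] != "CERTIFICATE":
        problems.append("first block should be the server certificate")
    keys = [b for b in blocks if "PRIVATE KEY" in b[0]]
    if len(keys) != 1:
        problems.append(f"expected exactly one private key block, found {len(keys)}")
    for label, headers, _ in keys:
        if label == "ENCRYPTED PRIVATE KEY" or any(h.startswith("Proc-Type: 4,ENCRYPTED") for h in headers):
            problems.append("private key is passphrase-encrypted; the server cannot load it unattended")
        elif label == "PRIVATE KEY":
            problems.append("PKCS#8 'PRIVATE KEY' block; convert to 'RSA PRIVATE KEY' (openssl rsa -in key.pem)")
    return problems


def fix_bundle(text):
    """Rewrite unencrypted PKCS#8 RSA key blocks as 'RSA PRIVATE KEY'; leave every other block as is."""
    def swap(m):
        label, _, der = parse_pem(m.group(0))[0]
        return to_pem("RSA PRIVATE KEY", pkcs8_to_pkcs1(der)) if label == "PRIVATE KEY" else m.group(0)
    return re.sub(PEM_BLOCK + r"\n?", swap, text, flags=re.S)


# Constructed sample (NOT a real key): a toy RSAPrivateKey with tiny integers, wrapped in
# PrivateKeyInfo, then laid out as in the thread: server cert, key, intermediate, root.
def _int(v):
    return der_write(0x02, v)

SAMPLE_PKCS1 = der_write(0x30, _int(b"\x00") + _int(b"\x00\xc3\x5d\x11") + _int(b"\x01\x00\x01")
                         + _int(b"\x2a\x01") + _int(b"\x00\xd3") + _int(b"\x00\xec")
                         + _int(b"\x11") + _int(b"\x13") + _int(b"\x05"))
SAMPLE_PKCS8 = der_write(0x30, _int(b"\x00")
                         + der_write(0x30, der_write(0x06, RSA_OID) + der_write(0x05, b""))
                         + der_write(0x04, SAMPLE_PKCS1))
SAMPLE_CERT = der_write(0x30, b"\x30\x00")   # placeholder bytes standing in for a certificate
SAMPLE_BUNDLE = (to_pem("CERTIFICATE", SAMPLE_CERT) + to_pem("PRIVATE KEY", SAMPLE_PKCS8)
                 + to_pem("CERTIFICATE", SAMPLE_CERT) + to_pem("CERTIFICATE", SAMPLE_CERT))

if __name__ == "__main__":
    for p in lint_bundle(SAMPLE_BUNDLE):
        print("problem:", p)
    print(lint_bundle(fix_bundle(SAMPLE_BUNDLE)) or "bundle OK after conversion")
```

Run against a real bundle with `lint_bundle(open("bundle.pem").read())`; `fix_bundle` only touches unencrypted RSA PKCS#8 blocks, so an encrypted key or an EC key is reported rather than silently rewritten.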

Thanks. I've deleted the old jar and put yours in place of it.

Now I get this in the log when starttls occurs:

2010-01-26 05:36:22 PEMSSLContextContainer.getSSLContext() SEVERE: Error on creating SSLContext for host [...myhost...]java.security.KeyStoreException: Cannot store non-PrivateKeys
at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:233)
at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:38)
at java.security.KeyStore.setKeyEntry(KeyStore.java:880)
at tigase.extras.io.PEMSSLContextContainer.loadFromPEMFile(PEMSSLContextContainer.java:396)
at tigase.extras.io.PEMSSLContextContainer.getSSLContext(PEMSSLContextContainer.java:276)
at tigase.io.TLSUtil.getSSLContext(TLSUtil.java:77)
at tigase.net.IOService.startTLS(IOService.java:184)
at tigase.server.xmppclient.ClientConnectionManager.processCommand(ClientConnectionManager.java:211)
at tigase.server.xmppclient.ClientConnectionManager.processPacket(ClientConnectionManager.java:106)
at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:752)

Artur Hefczyc:

This is probably due to compatibility problems. I can't believe the library was not included in the installation package. I am sorry for this. The funny thing is that you are actually the first one to report it.

I will fix this in the next release, but in the meantime please use the library attached to this post. Do not forget to remove the library you downloaded from the internet.

I hope this solves your problem; if not, please contact me.

Attachment: bcprov-jdk16-136.jar (1.4 MB)
