Importing Certifcate causes "Server Connection Failed"

[wowsavvy]

Sorry to pester you, I'm on Mac OSX 10.8. Mumble and Murmur work well (newest releases), but I have an odd issue. I tried using the certificate wizard to import a certificate created by StartCom and Comodo, but upon switching to either of them, my server disconnects and says " Server connection failed: The remote host closed the connection." If Terminal is open, it says:

2013-06-02 14:38:31.296 1 => <1:(-1)> SSL Error: The root CA certificate is not trusted for this purpose

2013-06-02 14:38:31.297 1 => <1:(-1)> SSL Error: No certificates could be verified

2013-06-02 14:38:31.298 1 => <1:(-1)> Connection closed: [-1]

As soon as I switch back to the self-made Certificate auto-created by Mumble on first use, the server comes back online. It's not a big glitch as I can still use both services fine, but as it was recommended to create a secure Certificate, I wanted to try one. Both certificates end in .p12 and were exported with Keychain access. Both say they were signed by an unknown authority, but I tried telling the Comodo one to be trusted and it still doesn't work. I have also reinstalled both Mumble and Murmur.

No rush to reply! Thank you very much,

-Savvy

[mkrautz]

That sounds like a bug. I will have to investigate some more.

For now, I've created a bug report at https://sourceforge.net/p/mumble/bugs/993/ to track it.

[mkrautz]

Maybe you are importing a full certificate chain into Mumble, and your client gets confused?

Also, are you sure it's a client certificate (typically meant for S/MIME email encryption)?

One thing to try is to import the certificates into your Keychain, if they aren't already there.

Then, under "My Certificates" make sure you only click the leaf certificate (the one that is issued to you), and try to export it as a .p12 - and import that into Mumble.

That'll ensure that you have a 'clean' import (the resulting .p12 will only include your own certificate, and not any of its issuers).

I'm just throwing a few possibilities you can try, until I can take a look at it. :-)

[wowsavvy]

Thank you very much for the reply! I'm new to this so bear with me, but I believe it is a client certificate as I followed the steps on the mumble site for creating a free certificate via the two companies in this thread (http://mumble.sourceforge.net/Mumble_Certificates) , and then I exported them as per the instructions (tried one, got the error, made the other). I have tried exporting from both "certificates" and "my certificates" in keychain, clicking on the certificate individually and then r-clicking and asking to export to docs with a password as a personal info exchange .p12 format. There is a drop-down from each certificate in keychain which has a little key icon and says, in the Start one, "Key from www.startssl.com, Kind: private key, RSA, 2048-bit, Usage: any" It did offer me a different choice for size as I recall, when creating it, a 1k or the 2048 one, that was default so I took it, but maybe that is the issue?

Again no rush to reply and thank you for creating a bug thread, enjoy your Sunday!

[mkrautz]

Alright, it should be correct then.

I'll see if I can reproduce what you're seeing and get back to you.

[wowsavvy]

One final piece, I tried connecting to a random server (mumble.com Trial) and reproduced the issue, it's fine with my auto-created certificate (even re-imported) but not with the internet-created ones.