This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

OpenSSL Certificate Concat


Recommended Posts

(Cross-posting from the SourceForge discussion)

Ok, I'm trying to generate a certificate for murmur, and I am at a complete loss here guys. Any help or advice is greatly appreciated.

I started by generating the mumble.key. Simple enough, continued on the create a domain and validate it, and generate the ssl_mumble.crt. I do NOT have a subdomain registered with my domain, so when StartCom asked for one, I used something that doesn't truly exist. Regardless, it accepted and generated the key. This is where things kinda break down. I'm using Win7 x64, so cat isn't exactly a viable command. Instead I'm using the "type" command as follows:


type > ssl_mumble_concat.crt
type ssl_mumbl.crt >> ssl_mumble_concat.crt


Pointing the murmur.ini to these files and running murmur.exe -wipessl comes up with the "Failed to find certificate matching private key" error. Right, so, covers this, stating

If you've followed the above instructions, but murmur reports "Failed to find certificate matching private key" on startup, your system certificates are possibly outdated. Debian 5.0 Lenny is affected by this. To solve this issue, add the StartCom Certificate Authority certificate to the certificates file by running the next command in the directory containing ssl_mumble_concat.crt:

So I did such, using:


type ca.pem >> ssl_mumble_concat.crt


And of course, I have the same issue, "Failed to find certificate matching private key". So I decide to check if the key and certificate match, using:


openssl x509 -noout -modulus -in ssl_mumble_concat.crt | openssl md5
openssl rsa -noout -modulus -in mumble.key | openssl md5


The two mismatched. Right, so that won't work, let's take it back an iteration and concatenate the ssl_mumble_concat.crt without the ca.pem.

Still a mismatch, so let's see if the mumble.key and ssl_mumble.crt match. Funny thing, the mumble.key and ssl_mumble.crt stdin match when using the x509 and rsa checks.So I'm a little confused as to why the concatenation step exists. But, I think that may be where my error is.

So moving on, I then try to point the sslcertificate in the murmur.ini to ssl_mumble.crt. This time, the server actually runs. Great! The only problem now is I can't get a client to join. I'm getting the following error on the server:

<1:(-1)> SSL Error: No certificates could be verified


To summarize, my issues are:

-combining and ssl_mumble with or without combining ca.pem results in a "Failed to find certificate matching private key," and the x509 and rsa openssl modules confirm this.

-Using only the ssl_mumble.crt with the mumble.key matches, however, results in certificates not being verified when a client attempts to join.

My questions are:

-What am I doing wrong in creating a certificate for murmur?

-Why does the concatenation step exist when it causes the key and the certificate to not match? Does the concatenation exist so that certificates have a way to be verified?


Link to comment
Share on other sites


  • Create New...