This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.


Error with an SSL certificate? Not sure what this means


jllmprrt

This is the error I've been getting lately:


[11:43:44 PM] SSL Verification failed: The certificate is self-signed, and untrusted

[11:47:50 PM] Connecting to server 216.127.64.28.

[11:47:50 PM] SSL Verification failed: The host name did not match any of the valid hosts for this certificate


I have been getting this for about two months, and finally came around to using your tech support. I talked with a "SeanV" and he suggested I come here and post. Any help would be appreciated. Thanks!


Hi,


This is a normal message for common servers. You have to understand something about the SSL/TLS CA system.


The CA system (certification authority) is a system in which service providers can get certificates signed by authorities. They (the inventors of the CA concept) thought that if you trust these authorities, it is a nice system. In general this is right. But in our case we have the problem that this system is "obsoleted" and certifications cost a lot of money... In this context it became a common practice to self-sign your own certificates and rely on the communication partners to check their identity manually.


So if you connect to a server the first time you will get this weird message, which only means that you should be aware of this situation and check that this is the certificate of the server you want to connect to. If you have trust in your internet provider you can confirm this without problems; best would be to ask the service provider (of that Mumble server) using an independent way of communication. You can also check some services like EFF's SSL Observatory or ask a friend... but in most cases this amount of security isn't required and you can just confirm the certificate without further checking. See also man-in-the-middle attack [01].


In my opinion we have a problem with this notification of connection security to the user in general... for example:


Case one: if you visit a website (or any other service without encryption) that uses no encryption, you are as insecure as you can be (there is no more openness than plain text). But you can visit this site without any notification about this lack of security.


Case two: if you are visiting a website which is using TLS/SSL with self-signed certificates, then you have much more security than in case one, but you will get a very huge security warning message that you have to accept (with sometimes hidden options for that).


Case three: if you are visiting a website that uses TLS/SSL with a certificate signed by some institution which is in the list of your system/browser/whatever, then you will have some more security than in case two, and no message to confirm, but the gain of security is much smaller than that between case one and two.


So many users are confused by this behavior of information technology systems...


OK, that was more philosophy than telling you what to do, but that you have to decide on your own in general. I would suggest to just accept the server certificate and be lucky. But if you want you can dive deeper into that topic. Maybe we should rebuild Mumble for the use of web of trust systems instead of that obsolete CA-based system...


01. https://www.eff.org/observatory

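The manual identity check the reply describes (compare the certificate with what the server operator tells you over an independent channel, then remember it) as an added example that is not part of either post and not Mumble's own code. It assumes port 64738 as Mumble's default, SHA-256 over the DER certificate as the fingerprint, and the hypothetical helper names `fetch_der` and `check_pin`; the sample certificates and the endpoint are constructed.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Dict, Optional

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, as colon-separated hex pairs."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Strip separators and case so a pasted or read-aloud fingerprint compares equal."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def fetch_der(host: str, port: int = 64738, timeout: float = 5.0) -> bytes:
    """Fetch the certificate with CA and host-name checks off; it is NOT trusted yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)

def check_pin(pins: Dict[str, str], endpoint: str, der: bytes,
              out_of_band: Optional[str] = None) -> str:
    """Decide trust from the fingerprint alone; pins maps endpoint -> hex digest."""
    seen = normalize(fingerprint(der))
    pinned = pins.get(endpoint)
    if pinned is not None:
        # Known server: a different certificate is the event worth stopping for.
        return "match" if hmac.compare_digest(seen, pinned) else "changed"
    if out_of_band is None:
        return "unverified"  # first contact, nothing independent to compare with
    if not hmac.compare_digest(seen, normalize(out_of_band)):
        return "mismatch"    # operator's value differs from what the wire presented
    pins[endpoint] = seen
    return "pinned"

# Constructed stand-ins for DER certificates and a documentation-range endpoint.
SAMPLE_CERT = b"constructed stand-in for the server's DER certificate"
OTHER_CERT = b"constructed stand-in for a different certificate"
ENDPOINT = "192.0.2.10:64738"

if __name__ == "__main__":
    pins: Dict[str, str] = {}
    operator_value = fingerprint(SAMPLE_CERT)  # as if read to you by the server admin
    for der, oob in [(SAMPLE_CERT, None), (SAMPLE_CERT, operator_value),
                     (SAMPLE_CERT, None), (OTHER_CERT, None)]:
        print(check_pin(pins, ENDPOINT, der, oob), fingerprint(der)[:23] + "...")
```

Against a live server, pass the result of `fetch_der(host)` as `der`; a later "changed" result is the case that should stop the connection until the operator confirms a certificate rotation.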
