Jump to content
Mumble forums

[Resolved] SSL Error: No certificates could be verified

Lenwe

By Lenwe,
in Technical

 Share

Recommended Posts

Lenwe Newbie

Lenwe

Posted
Posted (edited)

Hi


I can't make my Mumble server to work with a certificate, I keep having this error whenever I try to log with the latest client :

<W>2016-02-26 15:35:59.608 1 => <2:(-1)> New connection: xxx.xxx.xxx.xxx:yyyyy
<W>2016-02-26 15:35:59.776 1 => <2:(-1)> SSL Error: No certificates could be verified
<W>2016-02-26 15:35:59.868 1 => <2:(-1)> Connection closed:  [-1]

 

The server is running on Ubuntu 14.04 LTS

murmurd -- 1.2.4-0.2ubuntu1.1


I followed this tutorial : https://wiki.mumble.info/wiki/Obtaining_a_StartCom_Murmur_Certificate


It's outdated because it tells "After the certificate is generated the contents of the textarea should be placed in a new file, ssl_mumble.crt." but there is no more textarea when the process is over. Now StartSSL returns a .zip file containing a bunch of certificate files such as root.crt, 1_Intermediate.crt and 2_mydomain.tld.crt so I suppose the right one is the one named after the registered domain.


Here is what I did :


in /etc/mumble-server.ini :

sslCert=ssl_mumble_concat.crt
sslKey=mumble.key

 

Then I generated the key:

openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr

Then, on the StartSSL website :

http://i.imgur.com/jCe5aiN.jpg


Then I grabbed the file 2_mydomain.tld.crt from OtherServer.zip file and pasted the content in a new ssl_mumble.crt file:

wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
cat sub.class1.server.ca.pem > ssl_mumble_concat.crt
cat ssl_mumble.crt >> ssl_mumble_concat.crt
sudo cp ssl_mumble_concat.crt /etc/ssl_mumble_concat.crt
sudo cp mumble.key /etc/mumble.key
sudo service mumble-server restart

 

And now I get this error at every connection.


Any idea about what's wrong?

Edited by Lenwe
Link to comment
Share on other sites
Lenwe Newbie

Lenwe

Posted
  • Author
Posted

Finally resolved it.


StartSSL provides a domain certificate, an intermediate certificate and a root certificate. The ssl_mumble.crt file is the concatenation of domain + intermediate (there are 2 --+ BEGIN/END CERTIFICATE --- blocks in it).


I used the .crt file from the NginxServer.zip file and it worked.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...