This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

[Resolved] SSL Error: No certificates could be verified


Lenwe
 Share

Recommended Posts

Hi


I can't make my Mumble server to work with a certificate, I keep having this error whenever I try to log with the latest client :

<W>2016-02-26 15:35:59.608 1 => <2:(-1)> New connection: xxx.xxx.xxx.xxx:yyyyy
<W>2016-02-26 15:35:59.776 1 => <2:(-1)> SSL Error: No certificates could be verified
<W>2016-02-26 15:35:59.868 1 => <2:(-1)> Connection closed:  [-1]

 

The server is running on Ubuntu 14.04 LTS

murmurd -- 1.2.4-0.2ubuntu1.1


I followed this tutorial : https://wiki.mumble.info/wiki/Obtaining_a_StartCom_Murmur_Certificate


It's outdated because it tells "After the certificate is generated the contents of the textarea should be placed in a new file, ssl_mumble.crt." but there is no more textarea when the process is over. Now StartSSL returns a .zip file containing a bunch of certificate files such as root.crt, 1_Intermediate.crt and 2_mydomain.tld.crt so I suppose the right one is the one named after the registered domain.


Here is what I did :


in /etc/mumble-server.ini :

sslCert=ssl_mumble_concat.crt
sslKey=mumble.key

 

Then I generated the key:

openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr

Then, on the StartSSL website :

http://i.imgur.com/jCe5aiN.jpg


Then I grabbed the file 2_mydomain.tld.crt from OtherServer.zip file and pasted the content in a new ssl_mumble.crt file:

wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
cat sub.class1.server.ca.pem > ssl_mumble_concat.crt
cat ssl_mumble.crt >> ssl_mumble_concat.crt
sudo cp ssl_mumble_concat.crt /etc/ssl_mumble_concat.crt
sudo cp mumble.key /etc/mumble.key
sudo service mumble-server restart

 

And now I get this error at every connection.


Any idea about what's wrong?

Edited by Lenwe
Link to comment
Share on other sites

Finally resolved it.


StartSSL provides a domain certificate, an intermediate certificate and a root certificate. The ssl_mumble.crt file is the concatenation of domain + intermediate (there are 2 --+ BEGIN/END CERTIFICATE --- blocks in it).


I used the .crt file from the NginxServer.zip file and it worked.

Link to comment
Share on other sites

 Share

×
×
  • Create New...