Glowsome Posted June 26, 2016 Share Posted June 26, 2016 Just a heads up from someone who is using murmur and is using a StartSSL certificate(s)Just a few days ago i refreshed my server certificate according to the tutorial as written on https://wiki.mumble.info/wiki/Obtaining_a_StartCom_Murmur_Certificate to find out that its not working as expected.In awaiting my 'wiki' authorisation to change the article i wanted to just vent out the things i have encountered ( and solved)first of all in the article it gets the intermediate certificate and then cat's it to the signed certificate .. The certificate to be obtained is not the one listed, as its depreciated .. the (intermediate) certificate to wget is now : wget --no-check-certificate https://startssl.com/certs/sca.server1.crt After grabbing that simply rename it to sub.class1.server.ca.pem , and use it for the rest of the howto as described.Next to that, i also had to refresh my own client certificate as it was due to expire.So i replaced it to then find out it was no longer being accepted by my server : <23:(-1)> SSL Error: The root CA certificate is not trusted for this purpose <23:(-1)> SSL Error: No certificates could be verified <23:(-1)> Connection closed: [-1] It turns out that for client-verification StartSSL now uses a different intermediate CA.The solution to this is adding the (new) intermediate Client CA https://startssl.com/certs/sca.client1.crtto the ssl_mumble_concat.crt itself.To do so do the following after you've cat'ed the certificate with the intermediate CA (as described above) wget --no-check-certificate https://startssl.com/certs/sca.client1.crt cat sca.client1.crt >> ssl_mumble_concat.crt After having done this follow the Howto as described to point to the correct files.sidenote is i'm a beginner linux person, so proppably some steps can be shortened with more understanding, but this worked for me... if you have improovements please post them back, cause i am a learning person.- Glowsome Link to comment Share on other sites More sharing options...
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now