prosody not accepting my ssl certificates

robkalmeijer
Posts: 37
Joined: 2012/03/27 00:15:55

Post by robkalmeijer » 2019/04/06 16:51:27

I have a signed certificate for robkalmeijer.nl, but prosody shows errors and only Monal on the iPad can log in with TLS.

[root@server3 prosody]# service prosody restart
Stoppen van Prosody XMPP (Jabber) server: [ OK ]
Starten van Prosody XMPP (Jabber) server: [ OK ]

cat prosody.log
Apr 06 18:45:47 mod_posix warn Received SIGTERM
Apr 06 18:45:47 startup info Shutting down: Received SIGTERM
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 socket debug server.lua: closed server handler and removed sockets from list
Apr 06 18:45:47 general info Shutting down...
Apr 06 18:45:47 general info Shutdown status: Cleaning up
Apr 06 18:45:47 general info Shutdown complete
Apr 06 18:45:48 startup info Hello and welcome to Prosody version 0.11.2
Apr 06 18:45:48 stats debug Statistics disabled
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for client_https...
Apr 06 18:45:48 certmanager debug No certificate/key found for client_https
Apr 06 18:45:48 startup info Prosody is using the select backend for connection handling
Apr 06 18:45:48 hostmanager debug Activated host: robkalmeijer.nl
Apr 06 18:45:48 usermanager debug Host 'robkalmeijer.nl' now set to use user provider 'internal_hashed'
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for nl
Apr 06 18:45:48 storagemanager debug map storage driver unavailable, using shim on top of keyval store.
Apr 06 18:45:48 portmanager debug No active service for c2s, activating...
Apr 06 18:45:49 socket debug server.lua: new server listener on '[::]:5222'
Apr 06 18:45:49 portmanager debug Added listening service c2s to [::]:5222
Apr 06 18:45:49 socket debug server.lua: new server listener on '[*]:5222'
Apr 06 18:45:49 portmanager debug Added listening service c2s to [*]:5222
Apr 06 18:45:49 portmanager info Activated service 'c2s' on [::]:5222, [*]:5222
Apr 06 18:45:49 portmanager debug No active service for legacy_ssl, activating...
Apr 06 18:45:49 portmanager info Activated service 'legacy_ssl' on no ports
Apr 06 18:45:49 portmanager debug No active service for s2s, activating...
Apr 06 18:45:49 socket debug server.lua: new server listener on '[::]:5269'
Apr 06 18:45:49 portmanager debug Added listening service s2s to [::]:5269
Apr 06 18:45:49 socket debug server.lua: new server listener on '[*]:5269'
Apr 06 18:45:49 portmanager debug Added listening service s2s to [*]:5269
Apr 06 18:45:49 portmanager info Activated service 's2s' on [::]:5269, [*]:5269
Apr 06 18:45:49 mod_posix info Prosody is about to detach from the console, disabling further console output
Apr 06 18:45:49 mod_posix info Successfully daemonized to PID 22485
Apr 06 18:45:49 storagemanager debug map storage driver unavailable, using shim on top of keyval store.
Apr 06 18:45:49 modulemanager debug pep is already loaded for robkalmeijer.nl, so not loading again

[root@server3 conf.d]# cat robkalmeijer.cfg.lua
-- Section for VirtualHost robkalmeijer.nl

VirtualHost "robkalmeijer.nl"
-- Prosody will automatically search for a certificate and key
-- in /etc/prosody/certs/ unless a path is manually specified
-- in the config file, see https://prosody.im/doc/certificates
ssl = {
    key = "/etc/pki/tls/private/robkalmeijer.nl.key";
    certificate = "/etc/pki/tls/certs/robkalmeijer.nl.crt";
    capath = "/etc/pki/tls/certs";
}

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.robkalmeijer.nl:
--Component "conference.robkalmeijer.nl" "muc"

--- Store MUC messages in an archive and allow users to access it
--modules_enabled = { "muc_mam" }

-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.robkalmeijer.nl" "proxy65"

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#addin ... _component
--
--Component "gateway.robkalmeijer.nl"
-- component_secret = "password"

[root@server3 certs]# ll
totaal 1184
-rw-r--r--. 1 root root 754217 feb 28 2018 ca-bundle.crt
-rw-r--r--. 1 root root 418126 feb 28 2018 ca-bundle.trust.crt
-rw-r--r--. 1 root root 5165 feb 14 16:42 fullchain.pem
-rw-r--r--. 1 root root 1720 sep 4 2018 intermediateCA.crt
-rwxr-xr-x. 1 root root 610 mrt 22 2017 make-dummy-cert
-rw-r--r--. 1 root root 2242 mrt 22 2017 Makefile
-rwxr-xr-x. 1 root root 829 mrt 22 2017 renew-dummy-cert
-rw-r--r--. 1 root root 2131 aug 29 2018 robkalmeijer.nl.crt
-rw-r--r--. 1 root root 1314 sep 4 2018 rootCA.crt

Any suggestions? The prosody site is a dead end, no replies.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: prosody not accepting my ssl certificates

Post by TrevorH » 2019/04/06 17:05:55

Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
That says it's searching /etc/pki/tls/certs for the key and the cert but your key is not in there, it's in a different directory.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
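
The comparison made in the reply above, as an added example (not code from the thread or from Prosody): it takes the directory that certmanager reports searching in the log and flags any `key` or `certificate` path in the host's `ssl` block that lies outside it. The log and config excerpts are copied from the first post; the function names are made up for this example, and it only compares paths as text without opening any file.

```python
import posixpath
import re

# Excerpts copied from the log and config quoted in the first post.
LOG = """\
Apr 06 18:45:48 certmanager debug Searching /etc/pki/tls/certs/ for a key and certificate for robkalmeijer.nl...
Apr 06 18:45:48 certmanager debug No certificate/key found for robkalmeijer.nl
"""
CONFIG = """\
VirtualHost "robkalmeijer.nl"
ssl = {
key = "/etc/pki/tls/private/robkalmeijer.nl.key";
certificate = "/etc/pki/tls/certs/robkalmeijer.nl.crt";
}
"""

SEARCH_RE = re.compile(r"certmanager debug Searching (\S+) for a key and certificate for (\S+?)\.\.\.$")
MISS_RE = re.compile(r"certmanager debug No certificate/key found for (\S+)$")
HOST_RE = re.compile(r'^\s*VirtualHost\s+"([^"]+)"')
PATH_RE = re.compile(r'^\s*(key|certificate)\s*=\s*"([^"]+)"')


def failed_searches(log_text):
    """Map each name to the directories searched without finding a cert/key."""
    pending, failed = {}, {}
    for line in log_text.splitlines():
        if m := SEARCH_RE.search(line):
            pending[m.group(2)] = posixpath.normpath(m.group(1))
        elif (m := MISS_RE.search(line)) and m.group(1) in pending:
            failed.setdefault(m.group(1), set()).add(pending.pop(m.group(1)))
    return failed


def paths_outside_search_dir(config_text, log_text):
    """Return (host, option, path) for ssl paths not in a searched directory."""
    failed, host, findings = failed_searches(log_text), None, []
    for line in config_text.splitlines():
        if m := HOST_RE.match(line):
            host = m.group(1)
        elif (m := PATH_RE.match(line)) and host in failed:
            if posixpath.dirname(m.group(2)) not in failed[host]:
                findings.append((host, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for host, option, path in paths_outside_search_dir(CONFIG, LOG):
        print(f"{host}: {option} {path} is outside the searched directory")
```
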

robkalmeijer
Posts: 37
Joined: 2012/03/27 00:15:55

Re: prosody not accepting my ssl certificates

Post by robkalmeijer » 2019/04/17 23:19:40

I checked the paths many times and it should be working.

As I noted, one client can connect with TLS, so that makes it strange.

robkalmeijer
Posts: 37
Joined: 2012/03/27 00:15:55

Re: prosody not accepting my ssl certificates

Post by robkalmeijer » 2019/11/17 17:27:47

After receiving a renewal of the crt, I created a new fullchain.

The earlier root CA was not correct. Now my problem has disappeared.
