Chapter 24. Installing StartCom Certificate in Your Linux System

Table of Contents

Gentoo Linux

Artur Hefczyc <artur.hefczyc@tigase.net> v2.0, June 2014: Reformatted for AsciiDoc. :toc: :numbered: :website: http://tigase.net :Date: 2010-04-06 21:18

The third party authority for free XMPP server certificates is Startcom. Startcom root certificate is not normally known to your system as a valid certificate and appear as a self-signed certificate.

To make it known to your system as valid your have to install it in your system.

In any case or any operating system, you have to download the certificate from the issuer web site.

Gentoo Linux

  1. Copy downloaded ca.crt file to /etc/ssl/certs/starcom_ca.crt file.
  2. Run command:

    update-ca-certificates

All done. To test it run following command:

openssl s_client -connect tigase.org:5223 -CApath /etc/ssl/certs

Scroll the output up and look for something like:

verify return:1

Which means certificate verification was successful. If you find however:

verify return:0

Look one line up for an error message which may look like this:

verify error:num=19:self signed certificate in certificate chain

Which means the root certificate is still not recognized in your system.