Self-signed cert and Pidgin.

Ken D'Ambrosio ken at jots.org
Mon Mar 30 10:25:34 EDT 2015


Hey, all.  I've got a cert that has two "problems" with it:

1) It's self-signed, and
2) Its associated with a hostname that's inaccessible externally; the 
*service* is accessible externally, but through port forwarding.

To work around #2, I set up an /etc/hosts entry; based on what I 
understand about SSL (or *think* I understand; I'm pretty hazy on 
certain parts), that should be okay.  But #1 seems to be an issue.  When 
I try to fire up Pidgin, here's what I get:
-----------------
Unable to validate certificate
The certificate for foo.com could not be validated.  The certificate 
chain presented is invalid.
-----------------

I've googled until I'm blue in the face, tried to toggle the various 
features in the advanced tab in Pidgin's XMMP settings, tried to copy 
the PEM file everywhere and running various update-ca-certificates 
commands, etc., to no avail.  (Truly, it astonishes me that there's no 
"accept the damn cert, already" feature, but not sure what's to be done 
about that.)

Anyone have this issue?  Any suggestions on a work-around?  The 
surprising thing is that this is relatively new; my home machine works 
fine.  I almost wonder if it's an Ubuntu "feature," as my Mint system 
seems happy enough -- maybe something's been updated in SSL or somesuch, 
and it hasn't percolated to Mint yet.  Though as I haven't done a new 
Mint install, even that's pure speculation on my part.

Thanks for any insights...

-Ken


More information about the gnhlug-discuss mailing list