I’m having problems with my openfire server connecting to some ejabberd servers of my friends.
When I figured that out we began to troubleshoot the situation, and found some things that we were not able to understand.
First of all, I’m running 3.9.3 on an Ubuntu 14.04.1 LTS Server with openjdk 1.7.0_65.
My certs are from startssl and if I check my server with xmpp.net tests, it gets ranked A / A (client / server tests).
This makes me feel like “the things can’t be that bad”…
However, this is what I got in my Logs when I try to connect to his machine.
I’d like to point out that he also uses startssl! (same issuer, trust shouldn’t be a problem, right?)
2015.01.15 23:14:30 org.jivesoftware.openfire.server.ServerDialback - ServerDialback: OS - Ignoring unexpected answer in validation from: DOMAIN_Destination id: 501370331 for domain: MYDOMAIN answer:<stream:features xmlns:stream="http://etherx.jabber.org/streams"></stream:features>
2015.01.15 23:14:30 org.jivesoftware.openfire.server.ServerDialback - Error verifying key of remote server: DOMAIN_Destination
After stumbling upon these error messages we googled a bit and found this thread: (SORRY, IT'S IN GERMAN)
The author of the thread describes the same error messages as I have and pins it down to a missing intermediate cert.
However xmpp.net tells me my intermediate cert is there and proper. If I run the command the author pointed out:
openssl s_client -showcerts -connect MYDOMAIN:5222 -starttls xmpp
openssl gives me neither certs nor intermediate certs. (…but this seems to be a bug in openssl)
(can someone verify this with their own openfire server?)
Also, if I check the truststore manually it looks good:
keytool -list -keystore truststore | grep start
startcom.ca.sub.class1, 10.04.2011, trustedCertEntry,
startcom.ca, 10.04.2011, trustedCertEntry,
startcom.ca.sub2, 15.01.2015, trustedCertEntry,
startcom, 30.01.2007, trustedCertEntry,
Any ideas why I get those error messages?
Any idea how to fix this behavior?
I’d like to get rid of the “Error verifying key of remote server” and the “ServerDialback: OS - Ignoring unexpected answer” messages.
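
Added example (not part of the original post, and not Openfire or OpenSSL code): a small Python check that reads saved output of the `openssl s_client -showcerts` command quoted above and reports whether the server presented no certificates, only its leaf, or a linked chain. The sample outputs, host name and shortened DNs are constructed, and `parse_chain` / `diagnose` are hypothetical helper names.

```python
import re

# Constructed samples of `openssl s_client -showcerts` output; the host name
# and the shortened DNs are made up, not taken from the poster's server.
INTERMEDIATE = "/C=IL/O=StartCom Ltd./CN=StartCom Class 1 Primary Intermediate Server CA"
ROOT = "/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority"
HEAD = ("CONNECTED(00000003)\n---\nCertificate chain\n"
        " 0 s:/CN=xmpp.example.org\n   i:" + INTERMEDIATE + "\n")
PEM = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
TAIL = "---\nServer certificate\n"
SAMPLE_FULL = HEAD + PEM + " 1 s:" + INTERMEDIATE + "\n   i:" + ROOT + "\n" + PEM + TAIL
SAMPLE_LEAF_ONLY = HEAD + PEM + TAIL
SAMPLE_NONE = "CONNECTED(00000003)\n---\nno peer certificate available\n---\n"

SUBJECT = re.compile(r"^\s*\d+ s:\s*(.*?)\s*$")  # e.g. " 0 s:/CN=host"
ISSUER = re.compile(r"^\s*i:\s*(.*?)\s*$")       # e.g. "   i:/C=IL/..."

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_section, subject = [], False, None
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
        elif in_section and line.strip() == "---":
            break  # end of the chain section
        elif in_section and SUBJECT.match(line):
            subject = SUBJECT.match(line).group(1)
        elif in_section and subject is not None and ISSUER.match(line):
            chain.append((subject, ISSUER.match(line).group(1)))
            subject = None
    return chain

def diagnose(text):
    """Classify what the server presented during the handshake."""
    chain = parse_chain(text)
    if not chain:
        return "no-certificates"
    # Each certificate must be issued by the next one in the list.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "broken-link"
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        return "leaf-only"  # the peer must already hold the intermediate
    return "chain-ok"

if __name__ == "__main__":
    for name in ("SAMPLE_FULL", "SAMPLE_LEAF_ONLY", "SAMPLE_NONE"):
        print(name, "->", diagnose(globals()[name]))
```
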