powered by Jive Software

StartSSL (class2) issues?


I’ve read a lot of guides and howto’s (including all of them here in this forum).

My Setup is:

  • Openfire v3.7.1
  • Sun Java 1.6
  • Ubuntu 10.04 (x64)
  • StartSSL Class2 Signed (Web/Apache) Cert

I followed the instructions from here to setup my class2-startssl-certificate into openfire.

Initially everything seemed OK. If I connect to the admin-panel using https (https://talk.mydomain.com:9091) I see the right certificate, so no browser (tested with firefox, internet explorer and chrome) claims about “untrusted” or something.

BUT, if I connect to my openfire-server with (i.e.) Jitsi it tells me, that’s it’s not possible to verify the identity of my server (image attached).

What’s getting me confused is, that in this error-message it says, that the identity of the server, while connecting to talk.mydomain.com, _xmpp-client.talk.mydomain.com couldn’t be verified. The certificate from StartSSL was issued for mydomain.com and talk.mydomain.com, but what is the second requested url in the error-message, _xmpp-client.talk.mydomain.com ?

Do I have to get my certificate with also this “address” ? Could anyone explain me, what and ahy the client is trying to verify this address, as I never saw it before.

Thank you in advance



I found out that in this case Jitsi doesn’t support StartSSL-CA, so the certificate couldn’t be verified.


Strange, as even Gajim (another client) can’t verify it.