SSL Certificate Problem
I got a new cert for the server from Thawte (got the ApacheSSL cert, which is what I had successfully used on Tiger Server.)
I started the process by creating a new CSR in Server Admin (advanced server), sent the CSR to thawte, they signed and returned the cert. Went back to server admin, imported it, and it looks good!
Well, I selected the cert in the iChat service and clients cannot login. They can login with the Default cert (but get the warning message).
...and we see the following in the iChat service log:
Jan 7 07:27:48 chat jabberd/c2s[6453]: failed to load local SSL pemfile, SSL will not be available to clients
So, I looked in /etc/certificates and it looks good:
chat:certificates herb$ ls -la
total 72
drwxr-xr-x 12 root wheel 408 Jan 7 07:24 .
drwxr-xr-x 124 root wheel 4216 Jan 7 07:25 ..
-rw-r--r--@ 1 root wheel 0 Jan 5 13:35 .defaultCertificateCreated
-rw-r--r-- 1 root wheel 660 Jan 5 13:35 Default.crt
-rw-r----- 1 root certusers 1551 Jan 5 13:35 Default.crtkey
-rw-r----- 1 root wheel 534 Jan 5 13:35 Default.csr
-rw-r----- 1 root certusers 891 Jan 5 13:35 Default.key
-rw-r--r-- 1 root wheel 1155 Jan 7 07:24 chat.northampton.edu.chcrt
-rw-r--r-- 1 root wheel 1306 Jan 7 07:24 chat.northampton.edu.crt
-rw-r----- 1 root certusers 2269 Jan 7 07:24 chat.northampton.edu.crtkey
-rw-r----- 1 root wheel 720 Jan 5 14:09 chat.northampton.edu.csr
-rw-r----- 1 root certusers 963 Jan 7 07:24 chat.northampton.edu.key
I am really at a loss, any ideas?
I notice that in the jabberd c2s.conf configuration file:
<!-- File containing a SSL certificate and private key to use when
setting up an encrypted channel with the router. If this is
commented out, or the file can't be read, no attempt will be
made to establish an encrypted channel with the router. -->
<pemfile>/etc/certificates/Default.crtkey</pemfile>
Now that is odd since I chose the chat.northampton.edu cert!
Later in the file we do see references to the chat.northampton.edu cert so I left that entry alone. Later I read that first entry is okay the way it is.
Any help appreciated!
XServe, Mac OS X (10.5.1)