[Psi-devel] Making the new JSF ICA XMPP certs work
Justin Karneges
justin-psi2 at affinix.com
Mon Dec 11 11:16:18 PST 2006
On Monday 11 December 2006 7:08 am, Norman Rasmussen wrote:
> okay, so I double checked using .crt files instead of the single .xml
> file. Same results:
>
> I need the ICA cert and not the CA root cert. :-(
StartCom root goes into the root store (psi/certs/startcom.xml *or* import it
into your OS).
JSF ICA must be delivered by your server, so copy it into your server
configuration.
> > - I thought that the System CA store was supposed to be used, or has
> > this migration not yet been coded/tested?
It is used. StartCom just probably isn't in your root storage yet. It is
still very new.
> > - I should be able to survive only with the root CA, because the
> > server should supply both the server's cert, and the ICA cert, and
> > should be able to 'bridge' the gap so to speak. Is there no multi-hop
> > certificate chain checking yet? (i.e. all the ICA's need to be in the
> > 'root cert' datastore)
Yes. Make sure your server is delivering it.
-Justin
More information about the psi-devel
mailing list