Jabber + Thunderbird + Cert

[bertalanimre]

Hello Guys,

I'm currently trying to set up a nice mail server with groupware, firewall, cert, etc, etc. Currently what works is the AD, webmail. ( I'm at the begining yet)
I just tried to set jabber up and working. On the clients I use Thunderbird and for XMPP chat I installed "Additional chat protocols for thunderbird" and Pidgin just to make sure. Currently the users are allowed to use Jabber. I set up Jabber to use SSL and when  I try to connect with Thunderbird I get the following error: "The owner of the certificaion makred as non-thrusted" ( maybe not the exact same message, I use a differend language ). How could I deploy the cert to the clients automaticly and make Thunderbird to accept it as thrusted? Is this the only problem what I've done?

Please ask me more if I didn't tell you all information for this problem.

Thank you in advance.

Best Regards:
Imre Bertalan

[mamra]

You must have a trusted ceritificate or just add exception for the certificate in thunderbird

[bertalanimre]

Unfortunatelly I already tried that. Doesn't want to work for me. Imported the cert from the server manually and set them to fully thrusted and nothing changed.

Here are my Jabber setting on the server:
http://kepfeltoltes.hu/130306/CameraZOOM-20130306103744129_www.kepfeltoltes.hu_.jpg

And the error message on TB:
http://kepfeltoltes.hu/130306/CameraZOOM-20130306103948511_www.kepfeltoltes.hu_.jpg
The system is Hungarian. It sais: Error: The host closed the connection. Trying to reconnect in 15 seconds.

[christian]

as explained by mamra, you have either to use external certificate (and Zentyal doesn't offer yet interface to handle such external certificate, so you will have to install it manually using command line) or you have to trust Zentyal certificate client side (in Thunderbird).
This is not, as mamra, wrote, an exception but new CA you add to de default list 

[mamra]

In thunderbird goto
tools>options>advance>certificates>view certificates and press add exception
location is https://zen.zenbf.hu:5223
Get certificate and then confirm...

[bertalanimre]

Ok, trying ATM:

Edit: Got the cert, but still unable to join. I think I might set up the TB profile wrong. I've tried for username the "username" and "username@domain.hu", tried to set the host to "host.domain.hu, "domain.hu" and even left it blank. For port both 5222 and 5223 is not functioning.

I found this and this link, but I think they're out of date because the creation of an XMPP user is not like this ( no server name required for example )

Do you know a good Step-by-step tutorial for the latest TB?

Edit2: Pidgin works fine for the 1st try and the TB chat works with Facebook and Google accounts.

[mamra]

Username should be user@zen.zenbf.hu host should be zen.zenbf.hu port 5223 and select require ssl

[bertalanimre]

Thank you mate. I kept forgeting the "zen." tag from the begining. Now it works wonderfull. One more question if you don't mind

Could be that something is wrong with the setting because the user have to add every other user on the network one by one. I though that I simply log on and I'll be able to see every user currently online/not online. Or this is normal?

[mamra]

Enable stun service at jabber configuration and check

[bertalanimre]

Stun + shared roster did the trick. Thank you mamra! You saved me from a lot of trouble. Gonna write a quick setup guide for it myself. Thanks again!