certificate

Extra Modules for Prosody: Instant Message Chat server for Raspberry Pi / Ubuntu

prosody.png

This is part 2 of a 2 part tutorial on Prosody, which will show you how to install and configure extra modules to extend prosody's functionality. Part 1, which deals with basic installation and testing of prosody, is here.

Here's an overview of the important additional functionality we will add to prosody:

  • Multi user chats (XEP-0045)
  • Server side message storage (XEP-0313 Message Archive Management)
  • File and image transfer (SI File Transfer and Jingle signalling; in-band and out-of-band methods)
  • Stream Management for surviving connection interruptions and switches - particularly useful on mobile (XEP-0198 Stream Management)
  • Synchronising messages between multiple devices (XEP-0280 Message Carbons)
  • Battery Saving techniques for mobile clients (XEP-00352 Client State Indication)
  • User Blocking (XEP-0191 Blocking Command)

Not all clients support all of these XEPs. I consider the Android client Conversations (F-Droid | Google Play) to be pretty cutting edge in this respect - it's pushing forward a lot of XEPs that are required if we are going to see XMPP compete with the features of proprietary chat clients, particularly on mobile.

Installing Prosody: Instant Message Chat server for Raspberry Pi / Ubuntu

prosody.png

At the end of 2013, I wrote a series of tutorials explaining how to run an email server at home on a raspberry pi, which turned out to be very popular.

I'm now aiming to do the same for instant messaging. This tutorial will:

  • Introduce the Extensible Messaging and Presence Protocol (XMPP), formerly known as "Jabber"
  • Discuss some of the pros and cons of XMPP vs some other proprietary protocols
  • Give instructions for the installation and configuration of Prosody, a free and open source XMPP server.
  • Discuss various important XMPP Extension Protocols (XEPs) and how to enable them
  • Cover transport layer encryption (i.e. client-server and server-server TLS) and end-to-end encryption for clients
  • Recommend client software for different platforms

Along the way, I'll expose the underlying protocol to give you the tools you need to debug the problem yourself, instead of relying on obscured error messages from GUI applications.

This is part 1 of a 2 part tutorial. Part 2 can be found here.

SSL Certificate Signing with CAcert for Raspberry Pi, Ubuntu & Debian

CAcert logo

If you run your own website, email server or other services like OwnCloud at home then you may find yourself in need of a SSL certificate. When you install Apache, it generates a self-signed "snakeoil" certificate that can be used to encrypt your session. However, while this certificate is useful for testing purposes, it falls short in a couple of important ways:

  1. The snakeoil certificate has not been signed by an authority that your browser trusts, so your browser will throw an error when you connect.
  2. The common name on the certificate probably doesn't match your domain name. Another browser error.
  3. Short of manually inspecting the certificate's checksum, you have no guarantee that you are communicating with your own server - it could easily be an imposter using another self-signed certificate.

This tutorial will show you how to generate your own SSL certificate, and get it signed by the community driven SSL certificate signing authority CAcert. Once you have imported the certificate into your browser or into your operating system's root filesystem, your computer will automatically verify the identity of the server and you will enjoy error-free secure communications. Oh, and CAcert is free of charge!

Remove "Network May Be Monitored by an Unknown Third Party" in Android 4.4 KitKat

If you have just updated to Android 4.4 KitKat, and you use a custom root certificate to sign SSL/TLS certs for your own server/website/WiFi then you may have had the “Network may be monitored by an unknown third party” prompt.

Android allows you to add user defined SSL Certificate Authority Certs, but it then complains about them continually, which is incredibly annoying!

Subscribe to RSS - certificate