3.2.0 Certificate problem Clients not able to connect

Hello,

I just installed the 3.2.0 and have problems clients connecting with TLS/SSL. The connection is not established. They are only able to make a plain log-in.

Just a question to the Certificates itself:

After installing (fresh install) and opening the server certificate page in the admin console, I was presented with a coloured bar that the certificates were changed and I had to restart so the http server can use those. I did, the restart was working properly. Is this on purpose as it generates certificates for the domain set for the server?

By installing 3.1.1 I wasn’t confronted with this and just used the provided certificates as in the package.

Any help appreciated.

turbo

Hi Turbo,

What client are you using? Some of us are having problems with the Pandion client logging into Wildfire 3.2 using TLS/SSL ( see http://www.igniterealtime.org/forum/thread.jspa?threadID=24518&tstart=0 ).

The Spark client on the other hand appears to work correctly.

Stuart

If the certificates were self-signed, you can do the following steps. Remove old certificates from keystore, run Wildfire and generate new, self-signed certificates from admin console.

Stuart,

saw the other post, too. It’s Pandion 2.5, built-in database, built-in self-signed certs.

Disabling “require encryption” I was able to login just fine.

turbo

Hi goldman,

thanks for the info, but

"run Wildfire and generate new, self-signed certificates from admin console."

this is my problem. Just entering the info will create a new cert which I can use? If that’s the case, that should be easy. Let me know if I am correct here.

turbo

Yes, it goes fully automatically.

goldman,

super, will check this out on my test machine.

Does this apply to 3.1.1 too, as 3.1.1 is running in production and I would like to have my “own” self-signed cert?

Please let me know.

turbo

Generating self-signed certificates was implemented in Wildfire 3.2.0. In 3.1.1 you have “John Doe” certificates which are default.

Marek

Arrrr…

Didn’t know that. Wanted to change from “Joe Doe” to my own. Too bad.

Anyways, thanks for the help.

turbo

will this issue be solved?

on pandion forum they say it’s server issue,

on this forum, it’s pandion issue

who is crazy?

haven’t tried it myself yet, but take a look here

http://www.igniterealtime.org/forum/thread.jspa?threadID=24518&tstart=0

looks like deleting the built-in certs and creating new ones solves the problem. Would mean “partial server issue”

turbo

I’ve already deleted John Doe certificates, I think wildfire asked for some HTTP restart after that

created new self-signed certificates in wildfire webgui, HTTP restart after that again

pandion 2.5 does not work, unless I disable - require encryption (TLS, SSL)

since I have few remote users, working without encryption is not acceptable

please help

you are right !!

As I mentioned, didn’t test it when posting. Have the same thing.

The connection is made to the server for sure, as I quit the server the user got the disconnect message.

The roster is not showing. So, only partial connection.

Can’t you go back to 3.1.1? Sorry, but have not enough experience to give you the proper steps.

3.2.0 has to be finetuned

turbo

wildfire 3.1.1 working great

uninstalled 3.2.0 - go home and fix your issues

We have a proprietary client and found that the cert information coming back had the wrong length and the Microsoft libraries were attempting to parse a null pointer.

Don’t know if that is helpful for the Pandion folks.