A wee bit of trouble getting OpenFire 3.8.0 running

Last week I started in-depth evaluation of Openfire 3.8.0 and if we could use it as our XMPP server hosted on a Win 2008 R2 member server. After battling through a number of problems large and small, and with lots of help from the posts on this forum, I’ve encountered a problem that has me completely stumped.

The server is completely installed, configured, and running with the exception of the SSL/TLS. I completed the steps included in the SSL guide and successfully imported a cert into the keystore. I also changed the keystore password as recommended. In fact, I’ve successfully changed the password twice just to be certain (and of course, I made the corresponding changes to the server configuration using the Admin tool).

The error log contains the following **(my apologies for not including the original text from their respective files; the facility I work at is secure and files cannot be released with a lot of paperwork)**:

org.jivesoftware.openfire.net.SSLConfig - SSLConfig startup problem

storeType: [jks]

keyStoreLocation: [C:\Program Files (x86)\Openfire\resources\security]

keypass: [Mariner10]

java.io.fileNotFoundException: C:\Program Files (x86)\Openfire\resources\security (Access is denied)

Additionally, the warning file contains:

org.eclipse.jetty.util.component.AbstractLifeCycle - FAILED org.eclipse.jetty.http.ssl.SslContextFactory@184df1d#FAILED:

java.io.FileNotFoundException: C:\Program Files (x86)\Openfire\resources\security (Access is denied)

org.eclipse.jetty.util.component.AbstractLifeCycle - FAILED SslSelectChannelConnector@0.0.0.0:9091 FAILED:

java.io.FileNotFoundException: C:\Program Files (x86)\Openfire\resources\security (Access is denied)

Psi+ is the XMPP client and it errors out with a failed to connect TLS message.

I checked and changed the permissions on the security folder and keystore file and ensured that the server service accounts had full permission (read/write/modify/change ownership, delete, etc…) but no change to the problem.

Is there any place else I should be looking? Is this a JAVA issue? There are no entries in the Windows event log. OpenFire can successfully access the domain directory via LDAP over port 636. I installed the cert that I loaded into the keystore on IIS and can connect and view it using a browser and https.

Any assistance would be greatly appreciated.

Okay, I figured it out. The keystore location should have included the path **and** the name of the keystore file. After I made the change to the config, I got another error referencing a corrupted keystore. But, I was able to resolve that by deleting the self-signed certs (dsa and rsa) in the keystore using the keytool and verifying the cert I imported was still in the keystore using the same command. I restarted the service and reviewed the error log for SSL errors.

I initially tried to connect Psi+ using TLS over port 5222, but Psi+ reported TLS handshaking errors. I then configured Psi+ to use SSL on 5223 and the client was able to connect. Let the evaluation begin…
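
An added example (not part of the original posts, and not Openfire code): a pre-start check for the keystore location setting discussed above, which flags a value that names only the folder and confirms the file header matches the configured storeType. The function names and the sample file name are assumptions, and the sample keystore is a constructed 12-byte header rather than a real keystore.

```python
import os
import struct
import tempfile

JKS_MAGIC = 0xFEEDFEED    # first 4 bytes of a Java "JKS" keystore
JCEKS_MAGIC = 0xCECECECE  # first 4 bytes of a "JCEKS" keystore

def check_keystore_path(path, expected_type="jks"):
    """Return (ok, reason) for a configured keystore location."""
    if not os.path.exists(path):
        return False, "missing: path does not exist"
    if os.path.isdir(path):
        # The case in the thread: Java opens the location as a file, and the
        # log shows FileNotFoundException (Access is denied) for the folder.
        return False, "directory: location must include the keystore file name"
    try:
        with open(path, "rb") as fh:
            header = fh.read(12)
    except PermissionError:
        return False, "unreadable: service account lacks read access"
    if len(header) < 12:
        return False, "truncated: too short to be a keystore"
    # Header layout: magic, format version, entry count (big-endian uint32).
    magic, version, entries = struct.unpack(">III", header)
    found = {JKS_MAGIC: "jks", JCEKS_MAGIC: "jceks"}.get(magic)
    if found is None:
        return False, "format: not a JKS/JCEKS file (magic 0x%08X)" % magic
    if found != expected_type.lower():
        return False, "type mismatch: file is %s, storeType is %s" % (found, expected_type)
    if version not in (1, 2):
        return False, "format: unsupported keystore version %d" % version
    return True, "%s v%d, %d entries" % (found, version, entries)

def demo():
    """Run the check against constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as sec_dir:
        ks = os.path.join(sec_dir, "keystore")  # constructed file name
        with open(ks, "wb") as fh:
            fh.write(struct.pack(">III", JKS_MAGIC, 2, 1))  # header only
        return [
            check_keystore_path(sec_dir),           # folder only, as in the log
            check_keystore_path(ks),                # folder plus file name
            check_keystore_path(ks, "jceks"),       # wrong storeType configured
            check_keystore_path(os.path.join(sec_dir, "nope")),
        ]

if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "FAIL", reason)
```

The check reads only the header and never needs the keystore password, so it can run under the service account without the password appearing in any output.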
