
CA Certificate imported into `keystore` awaits Certificate Authority reply in Openfire web UI


I’ve imported a CA certificate into the keystore using keytool as:

```
/opt/openfire/jre/bin/keytool -trustcacerts -import -keystore /opt/openfire/resources/security/keystore -alias ca.domainy.com -file CA.cer
```

I then imported the signed request as:

```
/opt/openfire/jre/bin/keytool -import -keystore /opt/openfire/resources/security/keystore -alias chat.domainy.com -file /root/chat_domainy_com.cer
```

Looks good:

```
/opt/openfire/jre/bin/keytool -list -keystore /opt/openfire/resources/security/keystore
ca.domainy.com, Nov 20, 2013, trustedCertEntry,
Certificate fingerprint (MD5): [blob]
chat.domainy.com, Nov 20, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): [blob]
```

Now, in the web UI I see the following (see attached):

CA certificate is listed, but awaiting a reply from a CA.

The signed certificate is listed, and is CA approved.

This makes no usable sense, and I believe it must be a coding thing that needs to better consider the entry type of the certificates in the JKS.

Am I correct that this will have no effect in production?
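
An added example, not part of the original post and not Openfire's code: a parser for `keytool -list` output in the format shown above that separates certificate-only entries (`trustedCertEntry`) from key entries (`PrivateKeyEntry`), the entry-type distinction the post refers to. The sample listing is constructed with placeholder fingerprints, and `parse_listing` and `check_server_alias` are hypothetical helper names.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format shown in the post; fingerprints are placeholders.
SAMPLE_LISTING = """\
Your keystore contains 2 entries

ca.domainy.com, Nov 20, 2013, trustedCertEntry,
Certificate fingerprint (MD5): AA:BB:CC:DD
chat.domainy.com, Nov 20, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): 11:22:33:44
"""

# Assumption: English-locale date format, as in the post's listing.
ENTRY_RE = re.compile(
    r"^(?P<alias>.+?), [A-Z][a-z]{2} \d{1,2}, \d{4}, "
    r"(?P<type>trustedCertEntry|PrivateKeyEntry|SecretKeyEntry),?\s*$")
FP_RE = re.compile(r"^Certificate fingerprint \((?P<alg>[^)]+)\):\s*(?P<fp>\S+)")

@dataclass
class Entry:
    alias: str
    type: str
    fp_alg: str = ""
    fingerprint: str = ""

    @property
    def has_private_key(self):
        # Only a PrivateKeyEntry holds a key pair, so only it can have a
        # CSR outstanding; a trustedCertEntry is a certificate and nothing else.
        return self.type == "PrivateKeyEntry"

def parse_listing(text):
    """Turn `keytool -list` output into Entry records."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := ENTRY_RE.match(line):
            entries.append(Entry(m["alias"], m["type"]))
        elif (m := FP_RE.match(line)) and entries and not entries[-1].fingerprint:
            entries[-1].fp_alg, entries[-1].fingerprint = m["alg"], m["fp"]
    return entries

def check_server_alias(entries, alias):
    """Return findings for the alias the server is expected to present."""
    match = [e for e in entries if e.alias == alias]
    if not match:
        return [f"{alias}: not in keystore"]
    if not match[0].has_private_key:
        return [f"{alias}: {match[0].type}, no private key behind this certificate"]
    return []
```
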