I’ve imported a CA certificate into the keystore using keytool as:
/opt/openfire/jre/bin/keytool -trustcacerts -import -keystore /opt/openfire/resources/security/keystore -alias ca.domainy.com -file CA.cer
I then imported the signed request as:
/opt/openfire/jre/bin/keytool -import -keystore /opt/openfire/resources/security/keystore -alias chat.domainy.com -file /root/chat_domainy_com.cer
/opt/openfire/jre/bin/keytool -list -keystore /opt/openfire/resources/security/keystore
ca.domainy.com, Nov 20, 2013, trustedCertEntry,
Certificate fingerprint (MD5): [blob]
chat.domainy.com, Nov 20, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): [blob]
Now, in the webUI I see the following (see attached):
CA certificate is listed, but awaiting a reply from a CA.
The signed certificate is listed, and is CA approved.
This makes no usable sense, and I believe it must be a coding thing that needs to better consider the entry type of the certificates in the JKS.
Am I correct that this will have no effect in production?
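
Added example (not part of the original post): a shell check that parses `keytool -list` output and confirms each alias has the entry type the import steps above should produce, `trustedCertEntry` for the CA certificate and `PrivateKeyEntry` for the server key with its signed certificate. The sample listing is constructed from the output quoted in the post; the function names and the English date format are assumptions.

```shell
#!/bin/sh
# Added example: verify entry types in `keytool -list` output.
# SAMPLE_LISTING is constructed from the listing quoted in the post;
# fingerprints are placeholders. Assumes keytool's English date format.
SAMPLE_LISTING='Your keystore contains 2 entries

ca.domainy.com, Nov 20, 2013, trustedCertEntry,
Certificate fingerprint (MD5): (placeholder)
chat.domainy.com, Nov 20, 2013, PrivateKeyEntry,
Certificate fingerprint (MD5): (placeholder)'

# entry_types (hypothetical helper): read a listing on stdin and print
# "alias<TAB>type" for every keystore entry line.
entry_types() {
  awk '
    /(trustedCertEntry|PrivateKeyEntry|SecretKeyEntry),?[ \t]*$/ {
      line = $0
      sub(/,?[ \t]*$/, "", line)       # drop the trailing comma
      n = split(line, f, /, /)         # alias, "Mon DD", "YYYY", type
      if (n < 4) next                  # not an entry line
      alias = f[1]                     # re-join aliases that contain ", "
      for (i = 2; i <= n - 3; i++) alias = alias ", " f[i]
      print alias "\t" f[n]
    }'
}

# check_entry ALIAS EXPECTED_TYPE (hypothetical helper): listing on stdin.
# Returns 0 when the alias exists with the expected type, 1 otherwise.
check_entry() {
  actual=$(entry_types | awk -F '\t' -v a="$1" '$1 == a { print $2 }')
  if [ "$actual" = "$2" ]; then
    echo "OK   $1 is a $2"
    return 0
  fi
  echo "FAIL $1: expected $2, found ${actual:-no such alias}"
  return 1
}

# The CA certificate carries no private key, so it must be a
# trustedCertEntry; the server alias must be a PrivateKeyEntry, since
# that is the entry holding the key the signed certificate belongs to.
printf '%s\n' "$SAMPLE_LISTING" | check_entry ca.domainy.com trustedCertEntry
printf '%s\n' "$SAMPLE_LISTING" | check_entry chat.domainy.com PrivateKeyEntry
```

Against a real keystore, pipe the output of the `keytool -list -keystore ...` command shown in the post into `check_entry` in place of the sample listing.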