CA Certs & Openfire on OSX/Mac

Hello all,

Has anyone been able to successfully set up CA signed certs obtained through “Microsoft Active Directory Certificate Services” for Openfire 3.6.X? I’ve tried a couple times and always hit errors. If anyone knows of a how-to, or has any suggestions on a process, it would be appreciated.

Up to this point I have generated my own certs using the “Advanced Certificate Request”, but it never takes. Any help would be appreciated.

Regards,
Daniel

Hey Daniel,

Could you post the errors that you are getting? I never tried using “Microsoft Active Directory Certificate Services” but maybe we can still help solve the exceptions.

Tks,

– Gato

Gato, Thanks for the response. Upon trying to put in the cert via the GUI I’m seeing the following error: “An error occured while importing the Certificate Authority reply. Verify that the reply is correct and that it belongs to the correct certificate.”

I’m seeing this in the launchd.stderr log. I’m guessing this might be because the CA isn’t in the keystore? Not sure though. I’m pretty sure I added it before.

“java.io.IOException
at org.jivesoftware.openfire.net.SSLConfig.gets2sTrustStore(SSLConfig.java:280)
at org.jivesoftware.openfire.admin.ssl_002dcertificates_jsp._jspService(ssl_002dcertificates_jsp.java:152)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:66)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:42)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:70)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:146)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:843)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)”

Thanks again for the help.

Regards,
Daniel

Hey Daniel,

I guess that you have a configuration problem. It seems like the variable s2sTrustStore is not initialized in SSLConfig. Could you check if you have any other exception in the logs? Check if you have something related to ‘SSLConfig startup problem’.

Thanks,

– Gato

Gato,

In fact I do!!! This is from the error log on startup:

“2009.01.23 19:48:57 [org.jivesoftware.openfire.net.SSLConfig.(SSLConfig.java:105)] SSLConfig startup problem.
storeType: [jks]
keyStoreLocation: [/usr/local/openfire/resources/security/keystore]
keypass: [changeit]
s2sTrustStoreLocation: [/usr/local/openfire/resources/security/truststore]
s2sTrustpass: [changeit]”

What I didn’t mention previously is that every single time I restart the server I need to regenerate the self-signed certs. My guess is that this doesn’t surprise you after seeing that error. Any ideas?

Thanks again.

Daniel

Hey Gato,

Were you by any chance able to glean any information out of those errors? Again, your help is INCREDIBLY appreciated. hehe

Regards,
Daniel

Hey Daniel,

Sorry for the delay. Unfortunately the server is not logging the stack trace of the exception so let’s do a wild guess. Could you check that those 2 files exist and that the user running the server process has permission to write to those files?

If that does not help then use tomorrow’s nightly build where I added the logging of the stack trace of the exception. If you are willing to get the source code and build the server then you can give it a try right now.

Regards,

– Gato
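
The check Gato describes, as an added example that is not part of the original thread or of Openfire: it tests the two store files named in the startup log for existence, size and read/write access, then asks `keytool` whether each one opens as a JKS store with the logged password. The function names are hypothetical, and it must be run as the account that runs the server process.

```shell
#!/bin/sh
# Added example. Store paths, type and password are the ones printed in the
# "SSLConfig startup problem" log above; function names are hypothetical.
# Run as the account the Openfire process runs under, otherwise the
# read/write tests say nothing about what the server can do.

STORE_DIR=/usr/local/openfire/resources/security
STORE_TYPE=jks
STORE_PASS=changeit

# check_store FILE: print one status word; return 0 only for "ok".
check_store() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 1; }
    [ -f "$f" ] || { echo "not-a-regular-file"; return 1; }
    [ -s "$f" ] || { echo "empty"; return 1; }
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    [ -w "$f" ] || { echo "not-writable"; return 1; }
    echo "ok"
}

# store_loads FILE: report whether keytool can open the store with the
# configured type and password (skipped when keytool is not on PATH).
store_loads() {
    command -v keytool >/dev/null 2>&1 || { echo "keytool-not-found"; return 0; }
    if keytool -list -keystore "$1" -storetype "$STORE_TYPE" \
        -storepass "$STORE_PASS" >/dev/null 2>&1; then
        echo "loads"
    else
        echo "does-not-load"; return 1
    fi
}

for name in keystore truststore; do
    path=$STORE_DIR/$name
    status=$(check_store "$path") || true
    if [ "$status" = "ok" ]; then
        status="$status, $(store_loads "$path" || true)"
    fi
    echo "$name: $status (checked as $(id -un))"
    ls -l "$path" 2>/dev/null || true   # owner and mode, for comparison
done
```
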

Gato,

Thanks again for the help. When I look at the nightly build page, I don’t see anything newer than Dec 14th, am I clicking the wrong thing? Thanks!!

Dan