
Android client with Openfire 4.1.5 server: need help with certificate


#1

I am using the “Freelab Messenger” Android application to connect to Openfire 4.1.5.

When I connect from “Freelab Messenger”, I get the message “Accept unknown certificate ? the server certificate is not signed by a trusted certificate authority”.

In Openfire, how can I register a certificate signed by a trusted certificate authority?

Thanks for the help.


#2

When you log in to the admin console, go to Server > TLS/SSL Certificates > Identity Store > Manage Store Contents.

There you can generate a Certificate Signing Request (you might need to update some data for your certificate here). You can ask a CA to sign your CSR. After that, click import in Openfire and paste your certificate and your private key there.


#3

Thanks for your answer.

As you suggested, I registered my SSL certificate, which is signed by GeoTrust, but I always get the message “Accept unknown certificate ? the server certificate is not signed by a trusted certificate authority”. Surprising message, because the certificate is trusted!

The good point is: now I don’t have to re-accept the certificate from the Android application each time I reboot my smartphone; the chat user stays connected after reboot.

Before, with the self-signed certificate, the chat user was disconnected after reboot. I had to re-accept the certificate at each reboot, and that’s why I wanted to install a certificate signed by a trusted authority.

If you have an idea why the trusted certificate is considered not trusted …

Thanks. Best regards


#4

It might be that there is no certificate of the CA that signed your certificate in your client app. I don’t know much about Freelab Messenger, but it might be that when you accept the certificate, it is accepted only for this connection. Try to look into this app to see whether it has an option to add your CA certificate (GeoTrust) to Freelab’s TrustStore.


#5

One more idea: did you add only your end-entity certificate in Openfire, or the whole chain including the CA? You need to add the whole chain so the app can build the certification path.
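
The check suggested in post #5, as an added example that is not part of the original thread or of Openfire: a small Python script that reads the PEM text you are about to import and reports whether it is a lone end-entity certificate or a chain in which each certificate is followed by its issuer. The function names and the `toy_pem` sample builder are hypothetical; the script compares the raw issuer and subject names only and does not verify signatures.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read the DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER of the issuer and subject Name fields of one certificate."""
    _, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)    # TBSCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, value_end = read_tlv(der, pos)
        fields.append((tag, der[pos:value_end]))
        pos = value_end
    if fields[0][0] == 0xA0:            # skip the optional [0] version field
        fields = fields[1:]
    return fields[2][1], fields[4][1]   # serial, sigAlg, issuer, validity, subject

def classify_chain(pem_text):
    """Classify a PEM bundle by issuer/subject linkage only (no signature checks)."""
    certs = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not certs:
        return "empty"
    for (issuer, _), (_, next_subject) in zip(certs, certs[1:]):
        if issuer != next_subject:
            return "broken-order"       # a certificate is not followed by its issuer
    issuer, subject = certs[-1]
    if len(certs) == 1:
        return "self-signed" if issuer == subject else "leaf-only"
    return "chain-to-root" if issuer == subject else "chain-without-root"

def toy_pem(subject, issuer):
    """Constructed sample: certificate-shaped DER with two short names, no key or signature."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") \
        + name(issuer) + tlv(0x30, b"") + name(subject)
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()

if __name__ == "__main__":
    print(classify_chain(toy_pem("xmpp.example.test", "Constructed Intermediate CA")))
```

A result of `leaf-only` means the bundle contains no issuing CA certificate at all, which is the situation post #5 asks about; `chain-without-root` is the usual shape for a server bundle, since the root is expected to be in the client's trust store already.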