I wish to validate iChat clients using certificates. I’m Running Openfire 3.5 (Fedora Core 7) and have a signed server certificate loaded in the keystore. I created self-signed certificates on the Macintosh client (using the Keychain Access utility), export them, and import them into the openfire truststore. I have also created certificates on the server using openssl and exported them to the Mac. I have verified the client certificate is located in the truststore using ‘keytool -list’.
When I set xmpp.client.cert.policy to “wanted”, clients connect with no problem. When I set xmpp.client.cert.policy to “needed”, I receive a dialog box on the Mac that says "Could not connect to Jabber - An unexpected SSL error occured. ". I turned openfire debugging on and the error seems to be “null cert chain”, which I understand means that the iChat client is not successfully returning a certificate. I am using port 5223.
Can anyone shed any light on what might be happening and why I can’t connect using client certificate authentication? Thank you!