Finally compared openfire source and connection manager source and found the issue. Seems like the isCertificate method in org.jivesoftware.util.CertificateManager.java of connectionamanager compares the identity from the certificates with ‘*’. This always fails. In openfire the same method has been modified to do comparison of *s and in some special cases something different.
this is how I solved it if anyone might need the same feature.
Download openfire 3.6.4 source and connection manager 3.6.3 source.
Replace the isCertificate(…) method in org.jivesoftware.util.CertificateManager.java of connection manager with the corresponding method implementation from Openfire-3.6.4
from connection_manager_src/build, execute ant jar and copy the target/lib/cmanager.jar to your connection manager lib folder.
For ssl certificates first create self signed certificates in openfire and copy the contents of openfire’s resources/security folder to connection managers resources/security folder. Configure conf/manager.xml
Start connection manager.