Connection Manager using Client Certificates and EXTERNAL method?

I have an XMPP server, running Openfire 3.8.2. I also have Connection Manager 3.6.3 running on a separate machine. All running on CentOS 32-bit.

The XMPP Server is set up to accept connections from clients using client certs, with EXTERNAL as the only item in ‘sasl.mechs’. I have keystores all configured correctly and connections work great directly to the XMPP server.

However, the documentation for the Connection Manager seems to be a bit lacking (at least the stuff I’ve found). I have proper keystores configured on the Connection Manager, and the configuration file seems to be pointing to them. However, when I attempt to connect (with the same client that connects just fine to the XMPP server), connection manager seems to accept the connection, but the XMPP server complains about having no client certificate.

This is from the XMPP server’s debug log:

2013.12.02 15:54:28 org.apache.mina.filter.executor.ExecutorFilter - Launching thread for e2exmppdevcmm1.dev.oati.local/

2013.12.02 15:54:28 org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: EXTERNAL authentication via SSL certs for c2s connection

2013.12.02 15:54:28 org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: EXTERNAL authentication requested, but no certificates found.

2013.12.02 15:54:28 org.apache.mina.filter.executor.ExecutorFilter - Exiting since queue is empty for e2exmppdevcmm1.dev.oati.local/

So my question is…how do I do this? I haven’t found any examples of it, or really quality documentation explaining it. I have only seen hints in the “SSL Guide” and “Installation Guide” that using client certs is supported, but no clear definition on how to do it, or exactly what parameters you can configure in the manager.xml file.

I have attached a sanitized version of my manager.xml file.

Any assistance would be greatly appreciated!

…so I take it Connection Manager isn’t widely used.