Fastpath Webchat - SSL Problem

Yuri_Bett · December 17, 2009, 12:05pm

Hi all,

I’ve a problem to work with Fastpath Webchat using a security comunication. I’ve generated the server certificates self-signed on the openfire server and enabled to required the security conection. The Spark comunication is secure, the packets are encrypted, however, the Fastpath Webchat packets aren’t. My server port 5222 is secure. My webchat settings configuration is:

localhost 5222 true 5222 </chat-settings

I can see the padlock image in the session list on openfire, but I can intercept the packet on the online traffic, not encrypted.

What is happening? where is the problem?

Regards,

Yuri

Bea_Eagle · December 18, 2009, 12:49pm

Try https://your.openfire.server.com:9091/webchat/

Is that connection secure?

There are two clients belonging to Webchat. The first is a plugin that can be installed into Openfire as a plugin. This is typically for testing purposes. The second is a webapps ‘war’ that runs on the application server (e.g. Tomcat, etc). When the webapps war is deployed the connection can be over port 80 (unsecured) or port 443 (SSL).

See http://www.igniterealtime.org/projects/openfire/plugins/webchat/readme.html

Yuri_Bett · December 18, 2009, 1:06pm

I’m not using this plugin into openfire server, it’s a external application, in other words, I access the webchat at http://my.openfire.server.com/webchat, I’m not use the port 9090 or 9091 to load the page.

Then, I’m using the port 80(default) to load. I discovered thet the message sent from browser to apache(webchat localization) isn’t encrypted, but the message sent from Apache to Openfire is encrypted, because it uses the port 5222. I’ve two comunications, Browser to Apache / Apache to Openfire.

Could I access the webchat on ssl? or do I need another server certificate?

Yuri

Bea_Eagle · December 18, 2009, 1:08pm

I expanded on my answer by editing it from above, does it make sense and apply to your issue?

Bea_Eagle · December 18, 2009, 1:12pm

https://my.openfire.server.com/webchat/ should be SSL. Do you have Apache SSL certificates configured so your webserver can support SSL connections?

Yuri_Bett · December 18, 2009, 1:17pm

I can provide a signed certificate, but is it possible to utilize the same certificate that I’ve used on openfire? do I need other certificate? I need right?

Bea_Eagle · December 18, 2009, 1:29pm

Ah, now you are changing your original question. I am not sure why you want to do that. Are you using a self signed cert? Boy you are short on details of what you are trying to accomplish and that is frustrating. If you are using a self-signed cert. It may be possible to use the same certificate, I have not tried that. I imagine you would get the certificate files from Openfire server file system $OPENFIRE_HOME/conf/client.truststore and $OPENFIRE_HOME/conf/truststore, along with reading the Jetty docs to see how to do if (if at all). If you are using a Cert Authority, you can import and should be able to use the same on the Apache webserver (I think).

Yuri_Bett · December 18, 2009, 1:39pm

Well, I changed my first question because I’m making some tests and discovering new things… I can provide a signed certificate to my Apache, but on the openfire I’m using a self-signed now, proved by itself.

But now I understood (I think). My question was if can I configure my wabchat to use the same certificate that I’m using on openfire and spark comunications.

Thanks for your help, I will generate another certificate to my Apache…

See ya

Yuri