Federation and trusted CAs

I need to set up our Openfire server to use federation to talk to some other companies we are working with. We are going to use the federation protocols, and allow their servers to access us through the firewall. Their servers are out of our control.

I know we need to have a non-self-signed certificate for this to work, but is there a list of what CAs are trusted? Does it depend on the server the other companies are using? I would love to use a free cert, such as cacert.org, or the startssl.com ones, but am unsure if the other servers will work with them. Does Openfire use its own listing of trusted CAs, or does it use the one on the underlying OS? How would I list them out?

Thanks,

Brian

Openfire stores trusted CAs in /openfire/resources/security/truststore

You can use the Java tool ‘keytool’ to list the trusted CAs that are bundled with the Openfire installer.

You may read the guides from here http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html and http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html

To add to this: not only can you use Keytool to list the certificates, you can fully manage them.
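One way to list the trusted CAs with keytool as the replies above describe, as an added example that is not part of the original posts. The truststore path is the one given in the thread; the store password `changeit` (the Java default) and the function names are assumptions, and the sample keytool output is constructed.

```shell
#!/bin/sh
# Added example: summarise the CA entries in an Openfire truststore.
# Assumptions: path as quoted in the thread; "changeit" is the Java default
# store password and may have been changed on your install.
TRUSTSTORE="${TRUSTSTORE:-/openfire/resources/security/truststore}"
STOREPASS="${STOREPASS:-changeit}"

# Dump every entry in verbose form (Owner, Issuer, validity, fingerprints).
list_truststore() {
    keytool -list -v -keystore "$TRUSTSTORE" -storepass "$STOREPASS"
}

# Reduce `keytool -list -v` output on stdin to alias<TAB>owner<TAB>expiry,
# keeping only trustedCertEntry items (the CAs the server will accept).
summarise_cas() {
    awk '
        /^Alias name: / { alias = substr($0, 13) }
        /^Entry type: / { type  = substr($0, 13) }
        /^Owner: /      { owner = substr($0, 8) }
        /^Valid from: / {
            notafter = $0; sub(/^.* until: /, "", notafter)
            if (type == "trustedCertEntry")
                printf "%s\t%s\t%s\n", alias, owner, notafter
        }'
}

# Succeeds if a trusted CA Owner DN contains $1 (case-insensitive).
ca_is_trusted() {
    summarise_cas | cut -f2 | grep -qiF -- "$1"
}

# Constructed sample of keytool output, used when no real store is readable.
SAMPLE='Alias name: example-root
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example Trust, C=US
Issuer: CN=Example Root CA, O=Example Trust, C=US
Valid from: Sat Jan 01 00:00:00 UTC 2005 until: Tue Jan 01 00:00:00 UTC 2030

Alias name: myserver
Entry type: PrivateKeyEntry
Owner: CN=chat.example.com
Valid from: Sat Jan 01 00:00:00 UTC 2011 until: Sun Jan 01 00:00:00 UTC 2012'

if [ -r "$TRUSTSTORE" ] && command -v keytool >/dev/null 2>&1; then
    list_truststore | summarise_cas
else
    printf '%s\n' "$SAMPLE" | summarise_cas
fi
```

To check whether a particular CA is present before buying or requesting a certificate from it, run `list_truststore | ca_is_trusted "<CA name>"` and test the exit status.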