Help, installing openfire SSL certificates fails

Me and my team of Linux experts have been fighting with this for almost 3 weeks now. It’s pathetic; we want to give up on Openfire, but this is our last and final resort.

We have installed it many, many, many times on both CentOS 6.5 and finally Ubuntu 14.

The issue is that SSL certificates are not properly working, for a while we were not able to get them signed but then started following this guide:

Comodo 2048 Bit SSL Certificate in OpenFire | Ignite Realtime

Basically that is exactly what we have most recently done, almost exactly to the T including getting the cert signed from Comodo.

We created a file called Combine.crt that has 3 out of the 4 cert files we received from Comodo, exactly the ones described in the tutorial listed above, and put that in the keystore as instructed, and finally when connecting we get these errors: “SSL Peer presented an invalid certificate” and “The certificate chain presented is invalid”.

We are seeing this error on Pidgin clients.

We tried many variations and tutorials and just random testing of everything we could do, re-issuing the certs, etc. It’s really a mess; we are so fed up. Someone please help us. I don’t know why this has to be so difficult; all we did was set up a fresh server and follow instructions, and nothing is working no matter what.

Our goal is only to run the server with a signed certificate.

We should combine these threads: Openfire 3.9.3: Import Certificates error

I would like to know the answer to this as well, as I am about to start down the same path.

That guide you linked to is from 2011 and Openfire 3.7.1. It is possible that it is now out of date for 2014 and Openfire 3.9.3.

There is also this guide, but I’m not sure if it is significantly different from the one you are already using: Bigdino Blog

My question is: why can’t we just use the server certificate import tool in the Admin interface? Or can we? I haven’t tried.

Have you tried Bruno?

I will also be using a Comodo certificate, which I already have purchased and working on other machines. Ours is a wildcard certificate.

I do have a specific question with regards to wildcards: My Openfire server exists at the domain openfire.mydomain.com. My wildcard certificate is for `*.mydomain.com`. But in the Admin interface of my Openfire server, the existing self-signed certificate shows as a certificate for `*.openfire.mydomain.com`. Am I reading this right? Why is the default self-signed certificate a wildcard? Should my wildcard certificate for `*.mydomain.com` work for my **openfire.mydomain.com** server?