
Help to connect openfire v4.6.0 in s2s mode

I have two servers and I want to make an s2s connection, but in one of them I get this and I do not get the certificates that could be:

Sending server to server ping request to star.net.bryan
StartTLS negotiation failed. Closing connection (without sending any data such as or ).
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[?:1.8.0_271]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[?:1.8.0_271]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_271]
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[?:1.8.0_271]
at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:351) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:261) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:183) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:189) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:459) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:348) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:209) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:264) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:242) [xmppserver-4.6.0.jar:4.6.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_271]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_271]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_271]
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkServerTrusted(OpenfireX509TrustManager.java:108) ~[xmppserver-4.6.0.jar:4.6.0]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[?:1.8.0_271]
… 21 more
Caused by: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
at org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi.engineBuild(Unknown Source) ~[bcprov-jdk15on-1.65.jar:1.65.0]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[?:1.8.0_271]
at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkChainTrusted(OpenfireX509TrustManager.java:261) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkServerTrusted(OpenfireX509TrustManager.java:104) ~[xmppserver-4.6.0.jar:4.6.0]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[?:1.8.0_271]
… 21 more
Successful server to server response received.
Session is connected.
Successfully negotiated TLS connection.

What Java versions are you using on each server?

I am using Java jre-8u271-windows-x64

You might be hitting the issue related to this

Could you try downgrading Java by one (I think it would be 8u261) to see if that resolves your issue?

The other server gives me this:

Sending server to server ping request to star.net.chat
STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@2994483a socket: Socket[addr=/192.168.100.12,port=63295,localport=5269] session: LocalIncomingServerSession{address=star.net.bryan/7tkjvyg2qh, streamID=7tkjvyg2qh, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=star.net.bryan, defaultIdentity=star.net.chat, validatedDomains={}}) failed.
javax.net.ssl.SSLHandshakeException: The peer closed the connection while performing a TLS handshake.
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:235) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:183) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:189) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:83) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:144) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:81) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.6.0.jar:4.6.0]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_271]
STARTTLS negotiation (with: org.jivesoftware.openfire.net.SocketConnection@54807190 socket: Socket[addr=/192.168.100.12,port=63297,localport=5269] session: LocalIncomingServerSession{address=star.net.bryan/206poxybsp, streamID=206poxybsp, status=1 (connected), isSecure=true, isDetached=false, isUsingServerDialback=true, localDomain=star.net.bryan, defaultIdentity=star.net.chat, validatedDomains={}}) failed.
javax.net.ssl.SSLHandshakeException: The peer closed the connection while performing a TLS handshake.
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:235) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:183) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:189) ~[xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:83) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:144) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.BlockingReadingMode.run(BlockingReadingMode.java:81) [xmppserver-4.6.0.jar:4.6.0]
at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.6.0.jar:4.6.0]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_271]
Successful server to server response received.
Session is connected.
Successfully negotiated TLS connection.

I already downloaded the version and it continues giving the same.

It was a bit of a shot in the dark. After looking at the log, perhaps there is a problem with your certificate.

StartTLS negotiation failed. Closing connection (without sending any data such as or ).
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathBuilderException: Unable to find certificate chain.

Also, make sure your DNS records are correct for your XMPP domain.
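
Added example, not part of the thread and not Openfire code: a small triage script that reads the two kinds of failure quoted above and reports which side rejected the handshake. The sample log is constructed from lines abridged from the posts; `triage`, the verdict strings and the mapping from stack-frame class names to connection direction are assumptions made for illustration.

```python
import re

# Constructed sample: lines abridged from the two logs quoted in the thread.
SAMPLE_LOG = """\
Sending server to server ping request to star.net.bryan
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:459) ~[xmppserver-4.6.0.jar:4.6.0]
Caused by: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
at org.jivesoftware.openfire.keystore.OpenfireX509TrustManager.checkChainTrusted(OpenfireX509TrustManager.java:261) ~[xmppserver-4.6.0.jar:4.6.0]
Sending server to server ping request to star.net.chat
javax.net.ssl.SSLHandshakeException: The peer closed the connection while performing a TLS handshake.
at org.jivesoftware.openfire.net.SocketReader.run(SocketReader.java:150) [xmppserver-4.6.0.jar:4.6.0]
"""

PING = re.compile(r"ping request to (\S+)")
EXC = re.compile(r"^(Caused by: )?((?:[\w$]+\.)+[\w$]*(?:Exception|Error)): (.*)$")

def triage(log_text):
    """Return one dict per logged TLS failure: peer, direction, root cause, verdict."""
    failures, current, peer = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        ping, exc = PING.search(line), EXC.match(line)
        if ping:
            peer = ping.group(1)
        elif exc and not exc.group(1):
            # A new top-level exception starts a new failure record.
            current = {"peer": peer, "direction": "unknown",
                       "root": exc.group(2), "message": exc.group(3)}
            failures.append(current)
        elif exc and current:
            # Each "Caused by:" is deeper than the last; keep the innermost.
            current["root"], current["message"] = exc.group(2), exc.group(3)
        elif line.startswith("at ") and current:
            # Assumption: these class names mark who opened the connection.
            if "LocalOutgoingServerSession" in line:
                current["direction"] = "outbound"
            elif "SocketReader" in line or "SocketReadingMode" in line:
                current["direction"] = "inbound"
    for f in failures:
        text = f["root"] + ": " + f["message"]
        if "CertPathBuilderException" in text:
            f["verdict"] = "this server's trust store cannot chain the peer certificate"
        elif "peer closed the connection" in text:
            f["verdict"] = "remote side aborted the handshake; read its log"
        else:
            f["verdict"] = "unclassified"
    return failures
```

Run over both servers' logs, the two records are two views of one event: the server logging `CertPathBuilderException` on an outbound session is the one whose trust store needs the peer's issuing certificate.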

So what do you recommend?

I already managed to connect the servers. Is there any way to share the user list?