
Help with SSL and local CA

I'm not an expert on certificates, so please bear with me . . .

In my test environment, I have Openfire running on Windows Server 2003. I have everything working using the self-signed pending certificates, and setting my client (which uses Jabber.net) to allow untrusted roots.

I don't really want to support untrusted roots, so I decided to try signing the certificate with my internal CA (running on the same Windows server). I have this CA trusted on my test client, so I figured if I got the certificate signed, I should be able to turn off support for untrusted roots and everything should work.

That being said, I went to OpenFire Admin console, clicked on Security certificates and did the following:

  1. Copied the DSA Certificate to the clipboard.

  2. Opened up certsrv on my CA.

  3. Clicked on Request a Certificate.

  4. Clicked on Advanced Certificate Request.

  5. Clicked on Submit a Certificate Request by using base-64-encoded . . .

  6. Pasted in the certificate copied to the clipboard above.

  7. Clicked Submit. (Certificate was issued immediately as I have my test CA set that way)

  8. Downloaded the Certificate and the Certificate Chain in base-64 encoded strings.

  9. Repeated 1-8 for the RSA Certificate.

This is where things got interesting. Back in the Admin Console for OpenFire, I attempted to paste in the appropriate return certificate and got errors stating “An error occured while importing the Certificate Authority reply. Verify that the reply is correct and that it belongs to the correct certificate.”

After messing with this for some time, I decided to paste in the Certificate Chain instead. I then got the message that “Certificate Authority reply was imported successfully.”

HOWEVER, the certificate remains in a status of “Pending Verification”. I assume this means that there is still a certificate problem, correct???

Any ideas?

Thanks in advance . . .