I noticed that I didn’t import my signed SSL certificate in Openfire yet. So I wanted to do that. But it’s a lot harder than I expected. For any other service that’s running on that box, I just give it the filename of the private key and certificate (they’re both in one file) and it just works. For Openfire, I need to do something with keytool; actually, I need to copy the private key and stuff to a second location on the system, which may be less secured than root file access.
But actually, it doesn’t work anyway. When I try to import the file with both parts, as described in the SSL documentation here on this site, keytool just says this wouldn’t be an X.509 key. But I’m pretty sure it is, because any other application can read it. So I just gave it the certificate part and that worked. But obviously the private key was still missing, which caused the Openfire web interface to throw an exception when accessing that page, saying this is no PrivateKey instance or something. So I extracted the private key part from the file and copied it to a separate file. Importing this failed because this “alias” was already defined in the keystore. Deleting it all again and only importing the private key again said this is no X.509 key.
So, now I’m sitting here and can’t use my SSL key. Any suggestions?