Since the more recent updates, every time I open the ofmeet page of my server on port 7443, the Chrome browser is asking me to produce a client certificate to identify myself to the app. Same thing when I send an invitation to other people for a meeting, when they click on the link the first thing they see is the request to produce a certificate to identify themselves. I would like to turn this feature off because most people don’t understand what a client certificate is. I’d like to keep life simple and stick to username and password (seeing that open meetings don’t seem to be an option anymore? anyone who joins can’t just identify themself with a nickname, they need user credentials… which I can work with, I’ll just make dummy user credentials for those that are invited and let them know so they can log in to the meeting). But is there a switch somewhere that let’s me turn off the request for a client certificate or is it Chrome that automatically triggers a certificate request when opening this kind of application?
This also happens in the browsers on mobile phones…
Client certificates are not asked by default - but client credentials are.
To configure client certificates, disable “mutual authentication” for client connections, as shown below.
To prevent OFMeet from requesting a username and password, Openfire should be configured to allow anonymous logins (note that this can be thought of as a security concern, and opens up your server for XMPP spammers). Anonymous logins can be configured as shown below.
Those are actually my settings. And yet, here is a video showing what is happening: https://youtu.be/xKzyjI7yqx4
I have a valid wildcarded Let’s Encrypt certificate for this domain. My guess is that maybe the Let’s Encrypt certificate is meant for domain validation so is effective on the http ports 80 and 443, if a request is made to a port other than these the browser will perhaps initially ignore the Let’s Encrypt certificate?
I have added the Let’s Encrypt certificate to my Identity store and I added the Let’s Encrypt CA certificate to the Trust store. My client trust store is empty.
As you can see, my client connection settings are exactly as you indicated
