How do I install a wildcard SSL certificate?

Is there a clear example of how I can import an SSL wildcard certificate into openfire 3.6.4?

I have a wildcard.crt and wildcard.key file (which Apache uses fine) and wanted Openfire to use it instead of the self-signed one so users will not get prompted all the time about the unknown certificate.

Openfire can import a certificate and key but when I enter mine I get:

“There was an error one importing private key and signed certificate.”

Very NOT-helpful!!

Are there more details logged anywhere?

A proper procedure?

What are these boxes expecting for certificate and key types?

grrr. help?

Dion

I solved my problem. I found an article that went through the steps one by one (http://www.lovelysystems.com/importing-an-existing-ssl-certificate-to-openfire/). I have pasted it here:

  • openssl pkcs8 -topk8 -nocrypt -in lovelysystems.com.key -inform PEM -out lovelysystems.com.key.der -outform DER

  • openssl x509 -in _.lovelysystems.com.crt -inform PEM -out _.lovelysystems.com.crt.der -outform DER

Get some Java utilities to create a Java keystore (yes, Java still sucks; thanks to AgentBob again):

  • ImportKey.java, ImportKey.class (Java 5) (attached local copy to this forum)

Create a new keystore (/root/keystore.ImportKey):

(assuming you have Java installed in /usr/local/bin/version)

  • export PATH=/usr/local/java/jdk1.5.0_17/bin:$PATH

  • export JAVA_HOME=/usr/local/java/jdk1.5.0_17/

  • java ImportKey lovelysystems.com.key.der _.lovelysystems.com.crt.der

Change the keytool passwords back to the defaults (from ‘importkey’ to ‘changeit’):

  • keytool -storepasswd -keystore /root/keystore.ImportKey

  • keytool -keypasswd -alias importkey -keystore keystore.ImportKey

Add the GoDaddy intermediate certificate:

  • wget --no-check-certificate https://certificates.godaddy.com/repository/sf_issuing.crt

  • keytool -import -alias intermed -file sf_issuing.crt -keystore /root/keystore.ImportKey -storepass changeit -trustcacerts

Move it to Openfire (probably back up the old one first) and restart Openfire:

  • mv /root/keystore.ImportKey /opt/openfire/resources/security/keystore

  • /opt/openfire/bin/openfire stop

  • /opt/openfire/bin/openfire start

In case of errors:

  • tail -f -n 1000 /opt/openfire/logs/error.log

Last step, not listed above: I then had to go to the web interface, open the certificates screen, submit the public certificate in the box and hit save.

Hope this is helpful
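The same result without the third-party ImportKey.java, as an added example that is not part of the thread: it builds a PKCS#12 bundle with openssl and converts it to the JKS Openfire 3.x reads, and first checks that the key and certificate actually belong together, which is the usual reason the admin-console import fails with the unhelpful error quoted above. File names, the alias `wildcard` and the output path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): build an Openfire-style JKS
# keystore from a PEM wildcard key, leaf cert and intermediate chain using
# only openssl and the JDK's keytool. All paths and names are assumptions.
set -eu

# Openfire's import gives no detail when key and certificate do not pair up,
# so compare the public key carried by each before doing anything else.
key_matches_cert() {  # usage: key_matches_cert key.pem cert.pem ; exit 0 if they pair
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)            # SPKI derived from the key
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)     # SPKI embedded in the cert
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + leaf + chain into PKCS#12, then convert to the JKS that
# Openfire 3.x expects at resources/security/keystore (default password changeit).
build_openfire_keystore() {  # usage: build_openfire_keystore key.pem cert.pem chain.pem out.jks
    key=$1; cert=$2; chain=$3; out=$4
    key_matches_cert "$key" "$cert" || { echo "key and certificate do not match" >&2; return 1; }
    openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
        -name wildcard -passout pass:changeit -out "$out.p12"
    keytool -importkeystore -srckeystore "$out.p12" -srcstoretype PKCS12 \
        -srcstorepass changeit -destkeystore "$out" -deststoretype JKS \
        -deststorepass changeit -destkeypass changeit -noprompt
    rm -f "$out.p12"
    keytool -list -keystore "$out" -storepass changeit   # expect: wildcard, PrivateKeyEntry
}

# Example invocation (assumed file names); then move out.jks over
# /opt/openfire/resources/security/keystore and restart Openfire as above.
# build_openfire_keystore wildcard.key wildcard.crt sf_issuing.crt out.jks
```

Very old JDKs cannot read the PKCS#12 encryption that OpenSSL 3 emits by default; on such a JDK add `-legacy` to the `openssl pkcs12 -export` line.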

Hi Dion,

I know it is a long time ago since you wrote this post, but maybe you or somebody else could help me with my Openfire server and a wildcard certificate. I have done everything as you described it, but at the end I run into a wall, because when I put the public certificate from the certificate provider into the box and hit save … nothing happened. That is why I have to ask additional questions to make sure that I have done everything right…

lovelysystems.com.key - Is this the key that you created for the CSR, am I right?

lovelysystems.com.crt - Is this the certificate that was sent to you for the CSR by the SSL provider, am I right?

  1. Then you convert the key and the cert into DER format. <-- works for me

  2. Import both via the Java class into a new keystore <-- works for me

  3. Change both passwords from importkey to changeit <-- works for me

  4. Replace the old keystore with the new keystore <-- works for me

  5. Stop/start Openfire <-- works for me, no corrupted-keystore error message is shown

  6. The SSL certificate page shows that the cert has to be validated

  7. Try to load the text from my wildcard cert (what lovelysystems.com.crt is for you). <-- does not work

Any ideas what I am doing wrong?

Thank you for your help in advance !!! :slight_smile:

Best Regards

runaway1989

What doesn’t work in step 7? I don’t even understand what step 7 is telling you to do.

Hi David,

step 7 is for me what Dion described with:

"Last step, not listed above: I then had to go to the web interface, open the certificates screen, submit the public certificate in the box and hit save." - See the screenshot in the attachment as well.

But if I take the wildcard cert, put it into the box and hit save, nothing happens. That is why I am asking whether I am using the right certs, because as far as I understand he uses the wildcard cert both times: first to merge it with the key in the Java program and second when he validates it in the certificates screen.

I don’t understand why you would need to do that. You already built the keystore with both the key and the certificate before you added the intermediate CA.

Do you have issues with the keystore if you only get to step 6 and don’t do anything else? That is pretty much what we do. I don’t even touch the certificate page in the admin console; it’s all from the command line.

I have the problem that the status is not “CA signed”, it is still “pending verification”. Because of that, e.g. Thunderbird Chat does not accept an SSL connection and is stuck in a connecting loop.

From what I understand from Dion’s instructions, he touched the certificate page. Maybe you can tell me what exactly you have done to get it working :slight_smile:

Best Regards,

Daneil

I don’t know what ‘CA signed’ or ‘pending verification’ mean. A certificate is either validated through the signer chain, or it isn’t. Can you connect to the admin console with openssl s_client or a browser, instead of using Thunderbird, and see if it validates the certificate?

I did everything from step 1 to step 5. At that point, connecting to the admin console presented the wildcard certificate to me and I verified that the browser validated it. There were no other changes via the admin console to support it.

Hi David,

I solved it by using the instructions from the following page:

The certificate is now CA signed in Openfire and Thunderbird connects without any problems over SSL.

Thank you for your help and your fast response time :slight_smile:

Best Regards,

Daneil