How To Install a CA Signed SSL Certificate into Openfire - Fastpath

I cannot guarantee this will work for everyone; however, I have spent about 2 days laboring on this and finally came to the resolution. I know there are several posts in the forums citing various error messages from people trying to accomplish this, so I hope you all come across this thread and it works for you as it worked for me. The answer is actually quite simple when you think about it, and being a sysadmin I should know better than to use GUIs to make things work. At the end of the day, the command line always saves me. Stick with keytool and this should work for you.

Please be advised this applies to a Linux install, but I'm sure it could be easily adapted for Windows.

Also, you should run these commands in the same directory where your “keystore” exists. In my install this is /opt/wildfire/resources/security


$ALIAS -> This can be any name you choose to identify your certificate

$CSR-FILE -> Absolute path and name to the signing request file

$CA-ALIAS -> This can be any name you choose to identify the CA root certificate

$CA-ROOT-CERT-FILE -> Absolute path and name to the CA root certificate

$SIGNED-CERT-FILE -> Absolute path and name to the CA signed certificate

GENERATE THE PRIVATE KEY

/opt/wildfire/jre/bin/keytool -genkey -alias $ALIAS -keyalg RSA -keystore keystore

GENERATE THE CSR

/opt/wildfire/jre/bin/keytool -certreq -alias $ALIAS -keystore keystore -file $CSR-FILE

GO TO CA OF CHOICE AND GET THE CA SIGNED. I used RapidSSL/GeoTrust which is signed by Equifax

IMPORT THE CA ROOT CERT INTO KEYSTORE ( I USE EQUIFAX CA-1 )

/opt/wildfire/jre/bin/keytool -import -alias $CA-ALIAS -keystore keystore -file $CA-ROOT-CERT-FILE

IMPORT THE CA SIGNED CERT INTO KEYSTORE

/opt/wildfire/jre/bin/keytool -import -alias $ALIAS -keystore keystore -file $SIGNED-CERT-FILE

Let me know if this works for you!

Thanks.

Ross
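
A post-import check for the steps above, added here as an example and not part of the original post: it reads `keytool -list -v` output and reports whether an alias holds a private key with a CA-issued chain (length 2 or more) rather than the self-signed certificate left by `-genkey`. The function names `check_alias` and `sample_listing` are hypothetical, the listing is constructed and abbreviated, and the field labels assume keytool's English output.

```shell
#!/bin/sh
# Added example. Real use, run from the keystore directory:
#   /opt/wildfire/jre/bin/keytool -list -v -keystore keystore | check_alias "$ALIAS"

# check_alias ALIAS: reads a `keytool -list -v` listing on stdin.
# Prints a verdict and returns 0 only for a key entry with chain length >= 2.
check_alias() {
    awk -v want="$1" '
        { sub(/[ \t\r]+$/, "") }                      # tolerate trailing blanks / CR
        /^Alias name: / { cur = tolower(substr($0, 13)); next }
        cur != tolower(want) { next }                 # JKS stores aliases lower-cased
        /^Entry type: / { type = substr($0, 13) }
        /^Certificate chain length: / { len = $4 + 0 }
        END {
            if (type == "") { print "missing"; exit 3 }
            # Older keytool versions print keyEntry instead of PrivateKeyEntry.
            if (type != "PrivateKeyEntry" && type != "keyEntry") {
                print "no-private-key"; exit 2        # cert only, key is elsewhere
            }
            if (len < 2) { print "unsigned-or-no-chain"; exit 1 }  # still self-signed
            print "ok"
        }'
}

# Constructed, abbreviated listing (not real keytool output from any server).
sample_listing() {
    cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry

Alias name: chat
Entry type: PrivateKeyEntry
Certificate chain length: 2

Alias name: chat-old
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

# Demo over the constructed listing.
for a in chat chat-old rootca nope; do
    printf '%s: %s\n' "$a" "$(sample_listing | check_alias "$a")"
done
```

A `no-private-key` verdict on the server alias means the signed certificate was imported under an alias other than the one used for `-genkey`, so it was stored as a trusted certificate instead of being attached to the private key.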

Hey Ross,

Were you having problems following the same steps from the admin console? Was the CA failing to accept the CSR? Or was the server just having an error (in which case I would like to ask you to post them so I can fix them)?

The steps you described are the ones described in the SSL guide. Is there anything you would suggest adding to the guide?

Thanks,

– Gato