How to successfully import an existing StartSSL Cert & Key (Linux)

It worked (I think)!!!

I now have the certificate in Openfire. It appears as RSA signed, and I imported the private key file info and certificate file content successfully. How do I do a simple test to confirm it’s all working? When I browse to Openfire on port 9091 it times out.

There’s another certificate appearing in Openfire after I imported the above info (so I now have two certificates); it has an alias of xmpp.servername. Should I delete this so I’m only left with the cert which I recognise as having the same alias as the .pfx?

We are very close, thanks a bunch

Hi,

Nice, sounds like progress

I don’t understand clearly what you mean with:

“I imported the private key file info and certificate file content successfully”

Normally, after you have replaced the keystore/truststore, your certificate should be shown in the certificate tab of the Openfire web interface (in my case it showed up as “verification pending”). To fix the “verification pending”, I filled the content of the certificate (not the private key, just the public part of your PFX file) into the appropriate field.

As you said that you’ve got a PFX file, you probably have to export the certificate first in order to paste its content into the web interface (there, where the certificate showed up with “status pending”). To export the certificate from the keystore you could run:

keytool -export -alias Your_Certificate_Alias -file File_in_which_it_will_be_exported -keystore Your_keystore

You said you’ve got a second certificate. This could be the default DSA certificate, but as you’ve created a new keystore from your PFX file, I don’t think so.

I guess it has something to do with

“I imported the private key file info and certificate file content successfully”

…one more little step

As for

“When I browse to openfire on port 9091 it times out.”

Is port 9091 open in your firewall?

Regards,

Thomas

Hi

I think in my case, I don’t need to import the content of the certificate in the Openfire web interface, as the .pfx converted certificate appears here with the status “CA Signed”, not “verification pending” as in your case.

After this I thought that it would just work, but I can’t browse to servername:9091. I can confirm that port 9091 is open on the firewall; I ran netstat -a to check this.

Because it’s not working, I then tried importing the public part of my pfx file in the web interface, as I thought “what’s the worst that can happen”. It accepted the details and then a 2nd certificate appeared, which is also RSA signed (this isn’t the DSA certificate). I’ve tried using both of these certificates but can’t browse on port 9091.

I’ve viewed the contents of the Openfire keystore and can confirm that my pfx cert details appear correctly. I’ve checked the Openfire truststore and can confirm the Global CA intermediate and Global CA root CA contents have been added successfully; this should be ok as per https://support.globalsign.com/customer/portal/topics/538410

Not sure what to try next lol, I must be so near to solving this… thanks Thomas!!
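
Added example, not part of the original thread: when two aliases show up after an import, the `keytool -list` output tells you which alias actually carries a private key and whether another alias is only a certificate copy with the same fingerprint. The function names, the sample listing and its aliases, entry types and fingerprints are constructed for illustration; `Your_keystore` is the placeholder used in the command above.

```shell
#!/bin/sh
# Added example. Real use: keytool -list -keystore Your_keystore | summarise_keystore

# Turn `keytool -list` text into "alias<TAB>entry type<TAB>fingerprint" lines.
summarise_keystore() {
  awk '
    /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry), *$/ {
      alias = $0; sub(/, .*/, "", alias)                       # text before first ", "
      type = $0; sub(/, *$/, "", type); sub(/.*, /, "", type)  # last field on the line
      next
    }
    /^Certificate fingerprint/ && alias != "" {
      fp = $0; sub(/^[^:]*: */, "", fp)                        # drop the "(SHA1): " label
      printf "%s\t%s\t%s\n", alias, type, fp
      alias = ""
    }'
}

# Aliases that hold a private key (the only ones a TLS listener can serve).
key_aliases() {
  summarise_keystore | awk -F '\t' '$2 == "PrivateKeyEntry" { print $1 }'
}

# Certificate-only aliases whose certificate also exists under a key-bearing alias.
public_only_duplicates() {
  summarise_keystore | awk -F '\t' '
    $2 == "PrivateKeyEntry"  { haskey[$3] = 1 }
    $2 == "trustedCertEntry" { cert[$1] = $3 }
    END { for (a in cert) if (cert[a] in haskey) print a }'
}

# Constructed sample of keytool -list output (fingerprints shortened, not real).
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

startssl-pfx, Mar 3, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 11:22:33:44
xmpp.servername, Mar 3, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 11:22:33:44
intermediate, Mar 3, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 55:66:77:88
EOF
}

sample_listing | summarise_keystore
```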