So, you´ve got a wildcard Certificate and Openfire says “no way dude”?
Here is my HowTo for it.
I´ve got my *.domain.com certificate from commodo, so it is possible, that your certificates look a little different, but have the same purposes.
After you got your certificates, look for this three in special:
certificate.crt, intermediate1.crt, intermediate2.crt, root.crt
You need your private key file too.
Log into your Linux and make a temporary folder:
mkdir tmp && cd tmp
Copy all the above files in that directory
Chain all the certificates into one one file
cat certificate.crt intermediate1.crt intermediate2.crt root.crt > cert_bundle.pem
Now we got all certs in one file, but we need to line-split them.
Look for something like that: “-----END CERTIFICATE----------BEGIN CERTIFICATE-----”
Now split them, so “-----BEGIN CERTIFICATE-----” is at the beginning of the next line. Repeat that for the further.
When you are done, we need to create a pkcs12 file. Don´t use a password.
openssl pkcs12 -``export
-name yourserver.domain.com -``in cert
_bundle.pem -inkey mykey.key -out keystore.p12
Now we use the keytool to create a new keystore, remember your password.
keytool -importkeystore -destkeystore keystore -srckeystore keystore.p12 -srcstoretype pkcs12 -``alias yourserver.domain.com
Copy the keystore to your openfire directory
cp keystore /opt/openfire/.
Now we have everything in place and need to tell Openfire where to look. Change to your favorite webbrowser and log into your OpenFire Web-Console.
At Server Properties create a new Entry:
Property Name: xmpp.socket.ssl.keypass
With your Keystore Password as propertie Value.
Then get another new Entry:
Property Name: xmpp.socket.ssl.keystore
With the location of your keystore in Property Value. The rootdirectory is your openfire directory. If your keystorefile is in “/opt/openfire/keystoredir/keystore” you need “keystoredir/keystore”
At last tell openfire what storetype you are using.
Create a new Entry:
Property Name: xmpp.socket.ssl.storeType
With Property Value: JKS
Restart your server and all is good. If all is not good, I will try to help as much as I can.
Sorry for my english