HowTo Wildcard Certificate & OpenFire (Linux Version)

So, you've got a wildcard certificate and Openfire says “no way dude”?

Here is my HowTo for it.

I've got my *.domain.com certificate from Comodo, so it is possible that your certificate files look a little different, but they serve the same purposes.

Let's begin:

After you have received your certificates, look for these files in particular:

certificate.crt, intermediate1.crt, intermediate2.crt, root.crt

You need your private key file too.

mykey.key

Log into your Linux box and make a temporary folder:

mkdir tmp && cd tmp

Copy all the above files into that directory.

Chain all the certificates into one file:

cat certificate.crt intermediate1.crt intermediate2.crt root.crt > cert_bundle.pem

Now all the certs are in one file, but the boundaries between them have to be split onto separate lines.

vi cert_bundle.pem

Look for something like this: “-----END CERTIFICATE----------BEGIN CERTIFICATE-----”

Now split them so that “-----BEGIN CERTIFICATE-----” starts at the beginning of the next line. Repeat that for every further occurrence.

When you are done, we need to create a PKCS#12 file. Don't use a password.

openssl pkcs12 -export -name yourserver.domain.com -in cert_bundle.pem -inkey mykey.key -out keystore.p12

Now we use keytool to create a new keystore; remember the password you choose.

keytool -importkeystore -destkeystore keystore -srckeystore keystore.p12 -srcstoretype pkcs12 -alias yourserver.domain.com

Copy the keystore to your Openfire directory:

cp keystore /opt/openfire/.
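The shell steps above, scripted as an added example that is not part of the original post: it builds the bundle, inserts the missing line break between fused END/BEGIN markers automatically instead of editing them by hand in vi, and checks the result before the openssl and keytool steps. File names and yourserver.domain.com are the post's placeholders; the certificate contents in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the post;
# nothing here is discovered automatically.

# Concatenate the certificate files into one bundle, inserting a line break
# wherever an END marker runs straight into the next BEGIN marker (this is
# what happens when a .crt file has no trailing newline).
# Usage: build_bundle OUTPUT certificate.crt intermediate1.crt ... root.crt
build_bundle() {
    out=$1; shift
    cat "$@" | awk '{ gsub(/-----END CERTIFICATE----------BEGIN CERTIFICATE-----/, "-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----"); print }' > "$out"
}

# Count certificates whose BEGIN marker sits alone on its own line, i.e. the
# ones OpenSSL will actually parse from the bundle. A fused marker is not
# counted, so a shortfall here means the split step is still needed.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1"
}

# Print subject and issuer of every certificate in the bundle, so the order
# (server cert, intermediates, root) can be confirmed before packaging.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# The post's two packaging commands with the alias taken from $1.
# openssl prompts for the (empty) export password and keytool for the
# destination keystore password, exactly as in the post.
build_keystore() {
    host=$1; bundle=$2; key=$3
    openssl pkcs12 -export -name "$host" -in "$bundle" -inkey "$key" -out keystore.p12
    keytool -importkeystore -destkeystore keystore -srckeystore keystore.p12 \
        -srcstoretype pkcs12 -alias "$host"
}

# Typical run, from the tmp directory holding the files named in the post:
#   build_bundle cert_bundle.pem certificate.crt intermediate1.crt intermediate2.crt root.crt
#   count_certs cert_bundle.pem      # expect 4 for the four files above
#   show_chain cert_bundle.pem
#   build_keystore yourserver.domain.com cert_bundle.pem mykey.key
```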

Now we have everything in place and need to tell Openfire where to look. Switch to your favourite web browser and log into your Openfire web console.

Under Server Properties, create a new entry:

Property Name: xmpp.socket.ssl.keypass

with your keystore password as the Property Value.

Then create another new entry:

Property Name: xmpp.socket.ssl.keystore

with the location of your keystore as the Property Value. The path is relative to your Openfire directory: if your keystore file is in “/opt/openfire/keystoredir/keystore” you need “keystoredir/keystore”.

Finally, tell Openfire which store type you are using.

Create a new entry:

Property Name: xmpp.socket.ssl.storeType

With Property Value: JKS

Restart your server and all is good. If all is not good, I will try to help as much as I can.

Sorry for my english

This document was generated from the following discussion: HowTo Wildcard Certificate & OpenFire (Linux Version)