HTTPS certificate + Firefox problems

I'm using this new feature to connect to Admin Console with Firefox. It shows this message every time I start Firefox and try to connect to AC:

http://wr00t.port5.com/cert.jpg

Well, I have to press OK and it loads AC. Though it could remember this cert. I can't find such an option in Firefox to do this. But this is OK. I can press this OK button :)

But… it seems that almost every second time I launch Firefox and try to connect to AC, after pressing OK on the cert. dialog I get this error:

http://wr00t.port5.com/cert_er.jpg

And I have to restart Firefox because of that to manage to connect to AC. I'm using lots of tabs all the time and only one instance, so it's not convenient to close Firefox every time it happens.

Some solutions, thoughts?

It happened to me once.

Try this:

  • close Mozilla Firefox

  • go to C:\Documents and Settings\[your_username]\Application Data\Mozilla\Firefox\Profiles\[random_string]\

  • delete cert8.db, key3.db and secmod.db

  • restart Firefox and go to https://jiveserver:9091

It worked for me.

Doesn't work for me, same problem.

Looks like you're using the default keystore that came with the jive dist? I'd punt that right away. You definitely want to make your own, even if it is self-signed. Regenerating the entire contents of the keystore might make this problem go away. Having replaced the stock keystore after install, I can't look to be sure, but perhaps that default cert is expired by now or something?

Yes, I'm using the Joan Doe cert. It expires in 2008. n00b question, but how can I create my own keystore? Some example maybe?

You can use /opt/jive_messenger/jre/bin/keytool to create a new one or manipulate the old one. Some example commands are given in the SSL doc. I found it much easier to use the command line than the Admin Console for that stuff. If you're running on Windows, I guess adjust the path accordingly? Not sure.

Probably not relevant to you, but just in case… if you want to import a key and cert that you generated with OpenSSL, that won't be possible. Sun's keytool won't allow that for some odd reason. The only easy way I found to do that was using a tool from IBM called KeyMan.

I just found the following page (for something unrelated) about importing OpenSSL keys into Java keystores. Not sure if it helps, but I thought I'd pass it along:

http://mark.foster.cc/kb/openssl-keytool.html

-Matt

Yep, that's where I found the KeyMan link. The other options were either broken links or hugely complicated by comparison.
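
The suggestion above to replace the stock keystore with one made by keytool, as an added example that is not part of the original thread or the project's SSL doc. The function names, the `KS_PASS` variable and the output path are assumptions, the hostname `jiveserver` is taken from the URL in the thread, and a current JRE's keytool is assumed (older releases spell `-genkeypair` as `-genkey`).

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: new_keystore,
# show_expiry, KS_PASS. The keystore path is whatever you pass in.
KEYTOOL="${KEYTOOL:-keytool}"   # e.g. /opt/jive_messenger/jre/bin/keytool

# new_keystore <keystore-file> <hostname>
# Creates a keystore holding one self-signed RSA key pair for <hostname>.
# The password is read from $KS_PASS so it never appears in the process list.
new_keystore() {
    ks=$1
    host=$2
    if ! command -v "$KEYTOOL" >/dev/null 2>&1; then
        echo "keytool not found: $KEYTOOL" >&2
        return 127
    fi
    if [ -z "${KS_PASS:-}" ]; then
        echo "export KS_PASS (6+ characters) first" >&2
        return 2
    fi
    if [ -e "$ks" ]; then
        # Never overwrite or append to an existing store; move it aside first.
        echo "$ks already exists" >&2
        return 1
    fi
    # CN is set to the host name the browser will connect to.
    "$KEYTOOL" -genkeypair -alias "$host" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$host" -keystore "$ks" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    chmod 600 "$ks"   # the store contains the private key
}

# show_expiry <keystore-file>
# Prints each entry's alias and validity window, to spot an expired or
# leftover stock certificate.
show_expiry() {
    "$KEYTOOL" -list -v -keystore "$1" -storepass:env KS_PASS |
        grep -E '^(Alias name|Valid from):'
}
```

Run `show_expiry` against the existing keystore first to see which aliases it holds and when they expire, then generate the replacement into a new file and point the server at it.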