powered by Jive Software

Import Signed WIldcard Cert

I am trying to import the signed wildcard certificates that we have to our openfire installation and I am having absolutely no success.

The keys, requests and what not were all generated by openssl for mainly use with Apache. We have used these same keys to do a keytool import but into PKCS12 format for another Java application that we have running, and that worked without a problem.

I have tried importing the files, and they appear to import fine, however when I remove the old generated self signed certs and restart the server, I get the following error when checking the Security Settings in Openfire:

Unable to access certificate store. The keystore may be corrupt.

One or more certificates are missing. Click here to generate self-signed certificates or here to import a signed certificate and its private key.

I am trying this using openfire 3.5.1, and here are the commands that I am running to do the import:

keytool -import -keystore keystore -alias bundle -file /home/jared.griffith/ssl/gd_intermediate_bundle.crt

keytool -import -keystore keystore -alias wildcardcert -file /home/jared.griffith/ssl/_.farheap.com.crt

The docs didn’t really seem to cover if you already had crt, key, and a signed crt from a CA.

Anyone else have this problem?

Is there a solution to it?

Jared,

did you solve the problem with importing a signed wildcard ssl cert? We are having the same problem. Love to hear how you’ve solved it.

Did you ever solve this?

We solved it. See: http://www.igniterealtime.org/community/message/196707#196707