powered by Jive Software

Import SSL .cer Certificate into Openfire 3.7.1

I’m having a rough time getting SSL configured properly on an Openfire install. Has anyone out there successfully done this?

I have a signed .cer ready to use I just don’t know what to do with it.

I’m running Openfire 3.7.1 on Ubuntu 12.04. I’ve been through tons of tutorials on converting between various format using openssl and java keytool, but its only getting more confusing… Can anybody offer any assistance?


I use the default self-signed cert that the base installation generates on first install, but it does look pretty easy.

You should not have to worry about implementation details, such as converting the certificate to special formats, etc. Just open your Openfire Admin webpage, and under the Server tab there is a Server Settings sub-tab. under that there is a Server Certificates button on the side menu. The bottom of that page is a section called Signing Request. Click that link to generate the CSR, which you paste into your SSL provier’s Wizard and they will use that to generate a new cert based on the info in the CSR (server name, etc). Then take that cert and go back to yoru openfire Server Certificates page and follow the wizard after clicking the Import link.

Thanks Jason.

I would like to use an existing cert and not go though creating a new one if possible… I’ve just seen that there’s a menu for importing an exisiting cert: https:// server-name/import-certificate.jsp

I wonder if I just extract the text from my existing .cer file and copy it into the “content of certificate file” and then add my the key (that pairs with the .cer file) to the “Content of Private Key file” whether that will work?

That didn’t work, I get a random java error when I attempt to import the contents of my .cer file and passphrase using the certificate import wizard.

I suspect I need to use the Keytool, does anybody know the following:

  • Where do I need to upload my existing .cer cert to on the server to use the keytool?

  • What format does the cert need to be in, is it pksc12?

You would have thought it would be fairly straight forward to import an existing SSL cert for this!!!