powered by Jive Software

Importing OpenSSL certs

I have read several discussions pertaining to SSL and openfire, and I could use a little guidance.

I have installed openfire 3.6.4 on Linux things seem to be running great, however, I have the need to add a wild card cert to my server.

Here is what I have done.

  1. openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out *.domain.com.key

  2. openssl req -new -nodes -sha1 -days 365 -key $NAME.key -out *.domain.com.csr

  3. Submitted the csr to StartCom, which they signed and sent back to me as ssl.cert

  4. keytool -import -trustcacerts -alias StartCom -file /root/certs/ca-bundle.pem -keystore truststore ( this is their CA chain)

  5. Open up openfire admin console and try and copy and paste the contents of *.domain.com.key and ssl.cert in to the forms anc click save. This produced There was an error one importing private key and signed certificate.

Now, given that this was generated with openssl, the key is not stored, if I manually add the ssl.crt with keytool -import -keystore keystore -alias domain.com -file /root/certs/ssl.crt openfire throws a java exception when you try and view the certificates.

I have attempted just about every solution provided here in the forum but none work.

Any advice?