Openfire 4.6.3 - 4.6.4
Hello. In the admin console (Identity store), I click on the link to generate a self-signed SSL certificate. But I get an error: “Internal server error: Unable to generate new self-signed RSA certificate. (generate)”
In the log, I only see the INFO messages:
2021.07.01 08:32:31 org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias '[my_domain].com' is missing DNS identity 'pubsub.[my_domain].com'.
2021.07.01 08:32:31 org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias '[my_domain].com' is missing DNS identity 'search.[my_domain].com'.
2021.07.01 08:32:31 org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias '[my_domain].com' is missing DNS identity 'proxy.[my_domain].com'.
2021.07.01 08:32:31 org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias '[my_domain].com' is missing DNS identity 'conference.[my_domain].com'.
2021.07.01 08:32:31 org.jivesoftware.openfire.keystore.IdentityStore - Generating a new private key and corresponding self-signed certificate for domain name '[my_domain].com', using the RSA algorithm (sign-algorithm: SHA256WITHRSAENCRYPTION with a key size of 2048 bits). Certificate will be valid for 1825 days.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[socket_c2s] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[socket_c2s-legacyMode] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[socket_s2s] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[socket_s2s-legacyMode] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[component] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[component-legacyMode] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[connection_manager] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.ConnectionListener[connection_manager-legacyMode] - Reconfigured.
2021.07.01 08:32:31 org.jivesoftware.openfire.http.HttpSessionManager - Stopping instance
2021.07.01 08:32:31 org.jivesoftware.openfire.http.HttpBindManager - HTTP bind service stopped
2021.07.01 08:32:31 org.jivesoftware.openfire.spi.EncryptionArtifactFactory - Creating new SslContextFactory instance
2021.07.01 08:32:31 org.jivesoftware.openfire.http.HttpSessionManager - Starting instance
2021.07.01 08:32:31 org.jivesoftware.openfire.http.HttpBindManager - HTTP bind service started
A regular certificate is also not imported through the web interface. I get the error: “There was an error while trying to import the private key and signed certificate. Internal server error: Unable to install a certificate into an identity store.”
Importing the certificate through the keytool works, but the HTTP bind still does not work. Error: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.
But before that, about a year and earlier, everything worked. I get this error after updating Openfire to a new version.
How can I find out the cause of these errors?
Server Properties
Server Uptime: 21 hours, 20 minutes -- started Jun 30, 2021 11:23:12 AM
Version: Openfire 4.6.3
Server Directory: /usr/share/openfire
XMPP Domain Name: [my_domain].com
Environment
Java Version: 1.8.0_292 Private Build -- OpenJDK 64-Bit Server VM
Appserver: jetty/9.4.35.v20201120
Server Host Name (FQDN): [my_domain].com
OS / Hardware: Linux / amd64
Locale / Timezone: en / Coordinated Universal Time (0 GMT)
OS Process Owner: openfire
Java Memory: 370.06 MB of 27305.00 MB (1.4%) used