I set up an OpenFire installation and configured it to use LDAP for authentication. Everything works perfectly!
Afterwards I realised that the LDAP server is using a self-signed certificate and I had forgotten to make it know to OpenFire/Java. So the fact that everything is working smoothly, is actually a bad thing.
I did some research in this forum and found a couple of discussions that indicate that OpenFire wasn’t verifying the chain in the past, but started to with release 3.10.2. I’m wondering why this behaviour was changed again – or am I missing something? – and how I can activate a proper verification again.
Since the original behavior was to accept self-signed. A change in 3.10.1 caused a lot of problems for users upgrading, so it was reverted back in 3.10.3 to the behavior everyone was expected. right or wrong, a lot of commercial products act in the same way as well. With a few small changes, it should be easy to add the certificate check, and a property value to enable it.
