#Go to java’'s jre/bin, try the following keytool command to create “keystore”.
keytool -genkey -keystore keystore -alias myjiveserver.com -keyalg RSA -validity 3650
#Now you are going to make a “exported.crt” certificate from “keystore”.
keytool -export -alias myjiveserver.com -keystore keystore -file exported.crt
#You need to replace the file “keystore” in /jive_messenger/resources/security/ with the one you create
#Then don’'t be fooled by “What is your first and last name?” to put your name. Put your
#SERVER NAME, myjiveserver.com (keystore -alias).
#You also need to use “changeit” as a keystore password and don’'t change the password
#because Jive messenger is having an issue with different password. If it is fixed,
#please let me know.
Enter keystore password: changeit
What is your first and last name?
What is the name of your organizational unit?
: Whatever
What is the name of your organization?
: Whatever
What is the name of your City or Locality?
: Whatever
What is the name of your State or Province?
: Whatever
What is the two-letter country code for this unit?
: Whatever
Is CN=myjiveserver.com, OU=“Whatever”, O=“Whatever”, L=Whatever, ST=Whatever, C=Whatever correct?
: yes
Enter key password for <jive.redback.com>
(RETURN if same as keystore password):
#Then you need to have openssl on your linux box (Windows folks, go get a linux box)
#openssl x509 -noout -text -in exported.crt -inform der ////forget this part.
#You are going to create a popular form of certificate, “exported-pem.crt”, from
#“exported.crt”
openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der
#Now open “exported-pem.crt” with text editor (Don’'t use notepad, wordpad is ok.)
#Copy the key between “–-BEGIN CERTIFICATE-” and “-END CERTIFICATE—”
#Open \Psi\certs\rootcert.xml , Make a tag .
#Be aware that key has to be a single line and the key we just paste is broken into
#multiples line, so make it a single line and save it.
#Now you can run SSL connection for Jive Messenger Server with self-signed certificate
-
and psi client. psi will not be complaining about the certificate being self-signed
-
It also work for exodus. Please update the other working clients also if you want.
Reference Material:
http://www.jivesoftware.org/community/thread.jspa?messageID=98886??
http://www.jivesoftware.org/community/search.jspa?objID=f40&q=ssl+changeit
http://psi-im.org/forum/thread/780
http://www.modssl.org/docs/2.8/ssl_faq.html
http://mark.foster.cc/kb/openssl-keytool.html
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html
http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html
http://psi-im.org/forum/thread/2632
#Please don’'t bug me, this is too much spoon feed already.
#Can I also get points for that?
Message was edited by:
wmhtet
Message was edited by:
wmhtet