powered by Jive Software

Make self-signed SSL connection which Psi won''t complain about self-signed

#Go to java’'s jre/bin, try the following keytool command to create “keystore”.

keytool -genkey -keystore keystore -alias myjiveserver.com -keyalg RSA -validity 3650

#Now you are going to make a “exported.crt” certificate from “keystore”.

keytool -export -alias myjiveserver.com -keystore keystore -file exported.crt

#You need to replace the file “keystore” in /jive_messenger/resources/security/ with the one you create

#Then don’'t be fooled by “What is your first and last name?” to put your name. Put your

#SERVER NAME, myjiveserver.com (keystore -alias).

#You also need to use “changeit” as a keystore password and don’'t change the password

#because Jive messenger is having an issue with different password. If it is fixed,

#please let me know.

Enter keystore password: changeit

What is your first and last name?

: myjiveserver.com

What is the name of your organizational unit?

: Whatever

What is the name of your organization?

: Whatever

What is the name of your City or Locality?

: Whatever

What is the name of your State or Province?

: Whatever

What is the two-letter country code for this unit?

: Whatever

Is CN=myjiveserver.com, OU=“Whatever”, O=“Whatever”, L=Whatever, ST=Whatever, C=Whatever correct?

: yes

Enter key password for <jive.redback.com>

(RETURN if same as keystore password):

#Then you need to have openssl on your linux box (Windows folks, go get a linux box)

#openssl x509 -noout -text -in exported.crt -inform der ////forget this part.

#You are going to create a popular form of certificate, “exported-pem.crt”, from

#“exported.crt”

openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der

#Now open “exported-pem.crt” with text editor (Don’'t use notepad, wordpad is ok.)

#Copy the key between “–-BEGIN CERTIFICATE-” and “-END CERTIFICATE—”

#Open \Psi\certs\rootcert.xml , Make a tag .

#Be aware that key has to be a single line and the key we just paste is broken into

#multiples line, so make it a single line and save it.

#Now you can run SSL connection for Jive Messenger Server with self-signed certificate

  1. and psi client. psi will not be complaining about the certificate being self-signed

  2. It also work for exodus. Please update the other working clients also if you want.

Reference Material:

http://www.jivesoftware.org/community/thread.jspa?messageID=98886??

http://www.jivesoftware.org/community/search.jspa?objID=f40&q=ssl+changeit

http://tinyurl.com/coon2

http://psi-im.org/forum/thread/780

http://www.modssl.org/docs/2.8/ssl_faq.html

http://mark.foster.cc/kb/openssl-keytool.html

http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html

http://psi-im.org/forum/thread/2632

#Please don’'t bug me, this is too much spoon feed already.

#Can I also get points for that?

Message was edited by:

wmhtet

Message was edited by:

wmhtet

Nice guide!

Add reference:

http://psi-im.org/wiki/SSL_Certificates_(QCA1)