powered by Jive Software

Need separate certs for inverse vs. clients

My server has a hostname of jabber.mydomain And my jabber domain is the same as my actual DNS domain, mydomain I can import a cert for mydomain without issue, which should be fine for clients. However, I am running the inverse plugin. And when a web browser connects to ://jabber.mydoimain:7443/inverse, it has to see a cert for jabber.mydoimain.org. I generated one, but the web interface refuses to import it, because it does not match the jabber domain. How do I make this work for both clients and the webclient?

Thanks in advance.

OK, I just needed to make a SAN cert, like so,

Also needed to add a line “prompt = no” after the req_extensions line in the conf file, to get the CSR to generate properly.

Good to read that you’ve already resolved the issue. For future reference: the certificates used by Openfire are stored in a standard Java certificate archive, that can be managed by standard Java tooling (“keytool”). There’s more on this in our (sightly outdated) documentation, here: http://download.igniterealtime.org/openfire/docs/latest/documentation/ssl-guide.html