New feature: Using Windows certificate stores in Openfire!

Openfire 4.4.2 brings a change that can be leveraged for a new kind of integration with Microsoft Windows.


Traditionally, Openfire ships with its own set of certificate stores. These are the repositories that hold various certificates, which are most commonly used to establish encrypted connections.

As of Openfire 4.4.2, you can now configure Openfire to make use of the certificate stores that are part of / managed by Microsoft Windows. Note that doing this currently allows for Openfire to make modifications to these stores! Some might consider this a bug, while others think it’s a feature.

To configure Openfire to make use of the Windows keystores, define these properties:

  • property name: xmpp.socket.ssl.trustStoreType value: Windows-ROOT
  • property name: xmpp.socket.ssl.identityStoreType value: Windows-MY
  • property name: xmpp.socket.ssl.client.trustStoreType value: Windows-ROOT
  • property name: xmpp.socket.ssl.client.identityStoreType value: Windows-MY

As the feature is new, we’d love your feedback and suggestions on this!

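Before pointing Openfire at the Windows stores, it helps to see what a Java process actually gets from the SunMSCAPI "Windows-MY" store. The diagnostic below is an added example, not Openfire code: it lists every entry, flags whether a private key is attached, whether the certificate is inside its validity period, and whether it names the XMPP domain you pass in (the hostname and class name are placeholders). It only runs on a Windows JDK, and since Windows-MY is the current user's personal store, run it as the account the Openfire service runs under.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
/* Added diagnostic, not Openfire code: opens the SunMSCAPI "Windows-MY" store that
 * Openfire reads when identityStoreType=Windows-MY and reports, per entry, whether a
 * private key is present, whether the certificate is in its validity period and whether
 * it names the XMPP domain. Windows-MY is the current user's personal store, so run this
 * as the account the Openfire service runs under. */
public class WindowsMyCheck {
    /* DNS SANs first (one leading wildcard label allowed); subject CN only if no DNS SAN. */
    static boolean namesHost(X509Certificate cert, String host) throws CertificateException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        boolean sawDnsSan = false;
        int dot = host.indexOf('.');
        if (sans != null) for (List<?> san : sans) {
            if (!Integer.valueOf(2).equals(san.get(0))) continue; // GeneralName type 2 = dNSName
            sawDnsSan = true;
            String dns = (String) san.get(1);
            if (dns.equalsIgnoreCase(host)) return true;
            if (dns.startsWith("*.") && dot > 0 && host.substring(dot + 1).equalsIgnoreCase(dns.substring(2))) return true;
        }
        if (sawDnsSan) return false;
        for (String rdn : cert.getSubjectX500Principal().getName().split(","))  // good enough for unescaped DNs
            if (rdn.trim().startsWith("CN=")) return rdn.trim().substring(3).equalsIgnoreCase(host);
        return false;
    }
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "xmpp.example.org"; // placeholder XMPP domain
        KeyStore ks = KeyStore.getInstance("Windows-MY"); // SunMSCAPI type; no file, no password
        ks.load(null, null);
        int candidates = 0;
        for (String alias : Collections.list(ks.aliases())) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            if (cert == null) continue;
            boolean hasKey = ks.isKeyEntry(alias); // an identity entry needs its private key
            boolean valid = true;
            try { cert.checkValidity(); } catch (CertificateException e) { valid = false; }
            boolean matches = namesHost(cert, host);
            if (hasKey && valid && matches) candidates++;
            System.out.printf("%-28s key=%-5b valid=%-5b names(%s)=%-5b %s%n", alias, hasKey, valid, host, matches, cert.getSubjectX500Principal().getName());
        }
        // Zero means Openfire has nothing to pick; more than one is where a version-dependent "random" pick can surprise you.
        System.out.println(candidates + " usable identity certificate(s) for " + host);
    }
}
```

A "couldn't find any matching certificates" error usually corresponds to zero lines with key=true and names(...)=true here, which narrows the problem to the wrong account's store, a missing private key, or a name mismatch.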

So for the ignorant layman such as myself, how do I get Openfire to use a certificate already in my Windows keystore? I have a 3rd party signed certificate already installed in my Windows keystore that matches the server name, but when I set those properties in Openfire and restart, it complains that it couldn’t find any matching certificates. I am unsure how to troubleshoot further.

You should only need the property xmpp.socket.ssl.identityStoreType set to value: Windows-MY I think. I’m unsure how Openfire reacts if there are more certificates in the store than it needs. For some versions of Java, it might simply pick a random one, instead of the most appropriate certificate available in the store.

Thanks Guus. It turned out I needed both xmpp.socket.ssl.trustStoreType value: Windows-ROOT and xmpp.socket.ssl.identityStoreType value: Windows-MY and then it worked.


Good morning, new to Openfire. I recently received my signed certificate from my CA. Could you please elaborate on where I define these properties? I think it was something in the openfire.xml file, but I did not find anything like the cmds above. Thank you.

Hi Jase, welcome!

Openfire system properties are typically managed in the admin console, as shown below.

You can also set most of them in the XML file that you’ve found, but then you’ll need to convert them to XML. For example, xmpp.socket.ssl.trustStoreType=Windows-ROOT would become something like:

<xmpp>
  <socket>
    <ssl>
      <trustStoreType>Windows-ROOT</trustStoreType>
    </ssl>
  </socket>
</xmpp>

(note that I’ve not tested if this actually works with this particular property)

Thank you so much for the assistance! I currently have v4.7.5 and I inputted those property entries and it did not take; the default value displayed as unknown. Does this fix work for the current version I am using?

These particular properties should be available since 4.4.2, so I’d expect them to be used by 4.7.5.

The default value (third column in my screenshot) being listed as ‘unknown’ is not a problem. That value would only be used if the property didn’t have an explicit property value (second column).

The fact that some properties have default values and others do not is something that has to do with different ways that Openfire defines properties, which isn’t really of interest here.

The definition of a property and their usage are separate things. Anyone is able to set a property of any name, that can be made up on the fly. Openfire will persist those just fine. If Openfire actually uses that property for something useful is a different question.