Hi,
I just got my certificate from the JSF. It works fine when used in Apache, however, I can't get it to work with Wildfire.
I removed the self-signed certs from the site and added my own by using the form on the admin interface. It's shown correctly. However, when I try to connect from either Adium or my Smack-using plugin, it doesn't work. In the server's error log, I get the following exception every time I try to connect:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1054)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1026)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411)
at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:356)
at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:250)
at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:173)
at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:72)
at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:126)
at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)
at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:639)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)
at org.jivesoftware.wildfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:407)
at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:317)
... 7 more
I googled for that, and it appears that you need an RSA key for those clients. However, the admin interface defines the public key as "Sun RSA public key, 2048 bits", so that should be OK. Java's keytool doesn't show any problems.
The blog at igniterealtime says that "I'm happy to announce that Wildfire 3.2 will fully support certificates created by the JSF ICA." Does that mean those certs aren't supported yet? That would be very strange, since they don't seem to be anything special.
BTW, Apache asked me for the cert's password when launching, while Wildfire never prompts for one. This could be one of the reasons it doesn't work, but I don't know what to do about that…
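Added diagnostic for the private-key suspicion raised in the post (this is not the poster's code and not part of Wildfire): it opens a JKS keystore and reports, per alias, whether a private-key entry exists, whether it unlocks with the supplied key password, and whether it is RSA like the certificate the admin interface shows. The keystore path, both passwords and the JKS format are assumptions passed on the command line.

```java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Enumeration;

// JSSE can only negotiate RSA suites when the keystore holds a private-key entry it
// can unlock. A cert imported as a trusted-cert entry, or a key protected by a
// password the server never asks for, gives "no cipher suites in common".
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed arguments: keystore path, store password, optional key password.
        if (args.length < 2) {
            System.err.println("usage: KeystoreCheck <keystore> <storepass> [keypass]");
            System.exit(2);
        }
        char[] storePass = args[1].toCharArray();
        char[] keyPass = (args.length > 2 ? args[2] : args[1]).toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: the store is JKS
        FileInputStream in = new FileInputStream(args[0]);
        try { ks.load(in, storePass); } finally { in.close(); }

        int usable = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted-cert entry only, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            String pubAlg = chain[0].getPublicKey().getAlgorithm();
            try {
                Key k = ks.getKey(alias, keyPass);
                // Private key must unlock and match the leaf cert's algorithm (RSA here).
                boolean ok = k instanceof PrivateKey && "RSA".equals(k.getAlgorithm())
                        && k.getAlgorithm().equals(pubAlg);
                System.out.printf("%s: key=%s cert=%s chainLen=%d -> %s%n", alias,
                        k.getAlgorithm(), pubAlg, chain.length, ok ? "usable" : "NOT usable");
                if (ok) usable++;
            } catch (UnrecoverableKeyException ex) {
                System.out.println(alias + ": key entry present but key password is wrong");
            }
        }
        System.out.println(usable > 0 ? "Usable RSA key entry found."
                : "No usable RSA key entry: expect 'no cipher suites in common'.");
    }
}
```

A chain length of 1 with an intermediate-signed cert also means the ICA certificate was not imported alongside the key, which clients will reject even once the handshake succeeds.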