OF 4.6.4 Lost DNS Entries for manager, pubsub, conference, etc

Interesting issue just started today. All of a sudden I am getting this in my logs:

2021.08.26 11:05:38 INFO [Jetty-QTP-AdminConsole-145]: org.jivesoftware.openfire.keystore.IdentityStore - Certificate with alias 'My.Domain_rsa' is missing DNS identity 'manager.My.Domain'.

And no one seems to be able to connect to or create any Group Chat room. This server has been working fine for over a year and all of a sudden this is happening.
Anyone know how to correct this issue? That line I pasted is for all the subservices:

  • manager
  • pubsub
  • conference
  • search
  • proxy
  • httpfileuploader
  • updater

The server is Cloud Hosted and running CentOS 8 (CentOS Linux release 8.2.2004 (Core)).
I have no idea where those settings are even set, or why they would have magically become unset.

Any help would be great.

This probably means that the SSL/TLS certificate that your server is using has expired.

I’m not sure what happened. But I got to the office the next day and everything was working fine again. The cert is good until January.

Do you happen to have more than one certificate installed? Depending on the make and model of Java, a semi-random one might be used if more than one is installed (even if that’s an invalid one).

Just the ones that came with Openfire and the one we purchased.

Should I remove all of the others that come pre-installed?

Assuming that the one you bought covers the correct domain names, you don’t need the ones that Openfire automatically generated when it was installed. Do back up things before deleting anything though.

We bought a full domain. So anything *.domain.com. It might have been a failure on the hosting service’s DNS servers. Hell, I work in IT and it’s always a DNS issue. I would like to see some more control, without needing to know code or SQL commands in the admin section. A lot of that crap I know nothing about. But I’m always learning.

If it isn’t DNS, it’s always TLS. :wink:

It is impossible to tell without looking at the exact configuration, but if the server host name and the XMPP domain name that Openfire is configured for are both covered by that wildcard certificate, then having the auto-generated certificate will only introduce problems.
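
A way to check which of the names from the log message a certificate's DNS entries cover, added here as an example; it is not part of any post in this thread and not Openfire's own code. It assumes `keytool -list -v` style text as input (both samples are constructed), `example.org` as a placeholder domain, and that a wildcard stands for exactly one leftmost label.

```python
import re

# Subservice labels listed in the first post of this thread.
SERVICES = ["manager", "pubsub", "conference", "search", "proxy",
            "httpfileuploader", "updater"]

def san_dns_names(keytool_text):
    """Extract DNSName entries from `keytool -list -v` style output."""
    found = re.findall(r"^\s*DNSName:\s*(\S+)\s*$", keytool_text, re.M)
    return [name.lower() for name in found]

def covers(pattern, host):
    """True if a certificate DNS name covers host.

    Assumption: a wildcard is honoured only as the entire leftmost label
    and stands for exactly one label (RFC 6125 style matching).
    """
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return False

def missing_identities(dns_names, xmpp_domain, services=SERVICES):
    """Return required names (domain plus each subservice) that no SAN covers."""
    required = [xmpp_domain] + [f"{s}.{xmpp_domain}" for s in services]
    return [r for r in required if not any(covers(n, r) for n in dns_names)]

# Constructed sample input: a purchased wildcard certificate.
WILDCARD_CERT = """\
Alias name: example_rsa
SubjectAlternativeName [
  DNSName: *.example.org
  DNSName: example.org
]
"""
# Constructed sample input: a certificate that names only one host.
HOST_ONLY_CERT = """\
Alias name: selfsigned_rsa
SubjectAlternativeName [
  DNSName: chat.example.org
]
"""

if __name__ == "__main__":
    for label, text in (("wildcard", WILDCARD_CERT), ("host-only", HOST_ONLY_CERT)):
        print(label, "missing:", missing_identities(san_dns_names(text), "example.org"))
```

Under the one-label assumption, a `*.example.org` entry covers `manager.example.org` but not the bare `example.org`, and not `manager.chat.example.org` when the XMPP domain is itself a subdomain.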

I added a PR for this case. If the DNS entries for subdomains are not set, then it will use its parent XMPP domain (host) for the connection: