Openfire 4.7.1 - cannot import certificate into truststore

Hello,
When trying to import a root cert into the truststore using the import form [https://myserver.org:9091/import-truststore-certificate.jsp?connectionType=SOCKET_S2S], I get "page cannot be displayed" and the web interface crashes.

Is anyone else facing this problem with 4.7.1?
In the past, with version 4.6.0, I had no problems importing additional CAs.

Kind Regards Robert

Hi Robert, thanks for reporting this. Can you please provide some screenshots, and relevant content from the log files? As a work-around, you can modify the keystore files directly. This is documented in Openfire: SSL Guide

Before I start collecting information like screenshots and log files, I would like to ask if somebody is able to reproduce the problem on a Linux-based Openfire 4.7.1 installation?

Hello,

This happened to me as well, on Openfire 4.7.1.
When importing a certificate, the URL redirects to https://x.x.x.x:9091/import-truststore-certificate.jsp?connectionType=SOCKET_S2S
The browser shows: Unable to connect. An error occurred during a connection to x.x.x.x:9091.
And it requires me to log in again when accessing the Server Control Panel.

When a new certificate is imported, the webserver that is serving the admin console might be restarted. Maybe, if you’re unlucky enough, that is what causes this error. It should still have updated the certificate. Can you verify that?

Nope, the certificate is not submitted, unfortunately.

Please review the Openfire log file, and see if it contains any relevant messages.

Seems like it has been submitted; the log says cert changes were detected before the server is restarted…
Can't find my alias though, maybe because it already exists :thinking:

2022.06.21 20:00:18 INFO  [Jetty-QTP-AdminConsole-78547]: org.jivesoftware.openfire.container.AdminConsolePlugin - Automatically restarting plugin. Certificate changes detected.
2022.06.21 20:00:18 DEBUG [Jetty-QTP-AdminConsole-78547]: org.directwebremoting.log.startup - Destroy for container: DefaultContainer
2022.06.21 20:00:18 DEBUG [Jetty-QTP-AdminConsole-78547]: org.directwebremoting.log.startup - - For contained bean: java.util.concurrent.ScheduledThreadPoolExecutor
2022.06.21 20:00:18 DEBUG [Jetty-QTP-AdminConsole-78547]: org.directwebremoting.log.startup - - For contained bean: org.directwebremoting.extend.CreatorManager
2022.06.21 20:00:18 DEBUG [Jetty-QTP-AdminConsole-78547]: org.directwebremoting.log.startup - - For contained bean: org.directwebremoting.extend.ScriptSessionManager
2022.06.21 20:00:18 DEBUG [Jetty-QTP-AdminConsole-78547]: org.directwebremoting.log.startup - - For contained bean: org.directwebremoting.extend.ServerLoadMonitor
2022.06.21 20:00:18 DEBUG [Jetty-QTP-AdminConsole-78547]: org.directwebremoting.impl.AbstractServerLoadMonitor -  - shutdown on: org.directwebremoting.impl.DefaultServerLoadMonitor@74d50edf

This happens to us as well. When inserting a new certificate into or deleting a certificate from the truststore, the Connection manager is restarted and the admin user is kicked out. The restart does not always end successfully.

Some code digging showed it is intended behaviour. When the trust store is changed, the connection manager restarts. Although OF-2212 created a patch for the keystore by pausing the restart when updating the keystore certificates, the same change should be applied to the truststore JSPs.

Thanks for this pointer, Anno. I’ve raised this issue as [OF-2483] - Ignite Realtime Jira. I have a fix in the works.

This issue should be fixed in the upcoming Openfire 4.7.3 release.