Openfire over https

I have successfully install openfire(4.0.2) in my window system and working fine over http(http://127.0.0.1:9090/ ).

But when i have tried to access over https (https://127.0.0.1:9091/ ), it cant work or load.

can anyone have same problem and solution.

i think there is something related to server configuration.

How do you run Openfire? If you run it with the launcher. Does it show:

Openfire 4.0.2 [Aug 20, 2016 12:25:21 PM]

Admin console listening at:

http://server:9090

https://server:9091

Also, have you imported some custom SSL certificates after the installation?

1 Like

Yes it showing… problem was in installation. i just reinstall and now its working fine. i am testing with self signed certificate.

Thanks for your response.

1 Like

Hi!

may i know on how you be able to create self signed cert for windows.?

Thank you in advanced!

Cheers!

In current Openfire versions it generates them for you automatically during the setup, you don’t have to do anything and https should work also.

1 Like

but when i open openfire via web its says unsecure… ca you please give some hints on how to secure it via https.?

Thank you very much!

Where does it say so? Your browser? This is because self-signed certificates are not considered that secure, as there is no authority behind them (no certificate issuing institution who can prove this certificate is true). Self-signed certificate is generated by your computer, so it can be altered by you or someone else. Many still use self-signed certificates as this is easier and cheaper and it still encrypts your traffic. Usually self-signed certificates are enough in local networks.

Or maybe you are going into http://server:9090 ? This connection is not encrypted. If you want to disable 9090 port, then stop Openfire, edit /conf/openfire.xml and change

9090

to

-1

Then only 9091 secure port should be available.

1 Like

Thank you very much for your reply!

yes i’m using a browser via https port 9091.

as stated below my server already have a self signed RSA & DSA, and what I’m hoping to do is to get rid the “Connection is Not Secure” notification, how can i do that using a CA from third party like Go daddy.? or if i’m going to use the self signed, how can i install it to the browser.? when i open the self signed cert there was no export button.

your prompt reply will be greatly appreciated.

Why do you want to get rid of that notification in the browser? This is Admin Console, so it usually only affects admins. Unless you are using some plugin like Ofmeet and users go to that URL. Of course, same certificate is used for clients connection. So a more sophisticated clients will show a warning. In Spark you will need to enable “Accept All certificates” to be able to connect.

Yes, you can use a third party cert, but i can’t help with that. Never used myself. I don’t know if it is possible to export a self-signed certificate either.

P.S. in future do not ask for prompt replies. I know you probably didn’t mean anything bad, but as we are all here just volunteers it sounds rude to demand quick reply

1 Like

Apoligies if its turned look rude but, i didn’t mean it like that.

For the plugin yes, i’m using a ofmeet plugin for video conferencing.

Thank you very much for your kindness! :slight_smile: