First-time user of Openfire. Not real strong in Linux…
I have Openfire configured, and everything seems really straightforward, a great simple project. Where I am getting hung up is the certificates. In Spark, I have been able to get the hostname to validate, but the cert is still “unable to verify.”
I used openssl to create a new cert request and had it self-signed by a domain CA. The web page is trusted on the local domain. No problems there.
I was able to get a new key generated, and a cert request made, using keytool; the same domain CA issued it, and after importing, it seems that the hostname is no longer an issue, but the cert is still unable to verify, per Spark.
I know I can just accept all certificates in Spark, but after going through all this work, it doesn’t sit well that I settle for accepting all certs.
I have not been able to find any instructions specific to self-signing with a Windows CA, which should be a viable solution when Openfire is not used outside the office domain. …Because the hostname issue seems to have gone away, the CN must be correct, and because I have a trusted site, when accessing the webpage, with a cert issued by the same domain CA, I would think the cert used for Openfire/Spark should also be trusted by the client.
One clue I have is that when I import the issued cert into the keystore, it tells me that it is “not trusted, reply anyway?”
Your time is appreciated.