
Openfire ssl wildcard


#1

Hello all.
I have Openfire running as a Jabber server on my server.
Now I am trying to set up a Comodo SSL wildcard certificate in Openfire.
However, this only partly succeeds.
It just keeps giving the DSA certificate the status Pending Verification.
My RSA certificate is good, says Openfire (CA Signed).
I would like to hear what I'm doing wrong and how I can get it right.
Greetings: Peter.
PS: sorry, reading English goes well, but writing it does not, so I wrote this in Dutch and translated it with Google Translate.


#2

when importing the certificate, you have to include all parts of it…the full chain!
root ca
intermediates
cert

in my case with comodo, I had 4 certs that I had to combine and paste into the input field


#3

First, thank you very much for your response.
I have not yet found how to combine prescriptions with certificates.
a certificate can be entered via the web interface and I also have 1 certificate that has the status: CA Signed.
but I have not succeeded in combining certificates yet.
hopefully you can tell me where I can find information about how to combine them.
I also hope that you can tell me which of the following files I need for combining?

I have made the following 2 certificates for comodo
www_sslcertificaten_en.csr
www_sslcertificaten_en.key

and the following files I have received from Comodo
in the folder linux:

  • _jenp_net.ca-bundle

in the folder Root Certificates:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt

in the windows folder:

  • _jenp_net.p7b

and in the main part of the zip:

  • _jenp_net.crt

Thanks again for the help and greetings: Peter
Oh, before I forget, the OS is Debian Linux 9, 64-bit.


#4

https://www.digicert.com/ssl-support/pem-ssl-creation.htm


#5

first thank you very much for the info.
I have now succeeded in making a pem file, and I try to install the certificates according to the following manual.


However, I get stuck at the next command:
openssl pkcs12 -export-name jenp jabber.jenp.net -in cert_bundle.pem -inkey www_sslcertificaten_en.key -out keystore.p12
once I use this I get the error message:
pkcs12: Unknown cipher export-name
pkcs12: Use -help for summary.
hopefully someone can help me with this


#6

your command looks suspicious, why is there a space or whatever you have after the -export-name ?
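
Added example, not part of any post in this thread: the full-chain bundle from #2 and the PKCS#12 export from #5, run end to end with `-export` and `-name` as two separate options. It generates a throwaway test chain (constructed); the example.test names, the alias and the password `changeit` are assumptions, not values from the thread.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. All keys and certificates are throwaway
# test material generated below (constructed); names, alias and password are assumptions.
set -eu

make_test_chain() {  # constructed root -> intermediate -> wildcard leaf in dir $1
  ( cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    for n in root inter leaf; do openssl genrsa -out "$n.key" 2048 2>/dev/null; done
    openssl req -new -key root.key  -subj '/CN=Test Root CA'         -out root.csr
    openssl req -new -key inter.key -subj '/CN=Test Intermediate CA' -out inter.csr
    openssl req -new -key leaf.key  -subj '/CN=*.example.test'       -out leaf.csr
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 \
      -out root.crt 2>/dev/null
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -extfile ca.ext -days 2 -out inter.crt 2>/dev/null
    openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
      -days 2 -out leaf.crt 2>/dev/null )
}

# True if every certificate in bundle $1 is issued by the one after it and the
# last one is self-signed, i.e. the order is leaf, intermediate(s), root.
chain_in_order() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
  awk '/^subject=/ { s = substr($0, 9); if (n++ && s != iss) bad = 1; next }
       /^issuer=/  { iss = substr($0, 8) }
       END { exit !(n >= 2 && !bad && s == iss) }'
}

key_matches_cert() {  # true if private key $2 belongs to the first cert in $1
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# -export and -name are separate options; -name takes the alias as one argument.
make_keystore() {  # make_keystore BUNDLE KEY ALIAS OUT PASSWORD
  openssl pkcs12 -export -name "$3" -in "$1" -inkey "$2" -out "$4" -passout "pass:$5"
}

keystore_cert_count() {  # certificates inside PKCS#12 file $1 (password $2)
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_test_chain "$work"; cd "$work"
cat leaf.crt inter.crt root.crt > cert_bundle.pem      # leaf first, root last
chain_in_order cert_bundle.pem || { echo "chain incomplete or out of order" >&2; exit 1; }
key_matches_cert cert_bundle.pem leaf.key || { echo "key does not match leaf" >&2; exit 1; }
make_keystore cert_bundle.pem leaf.key jabber.example.test keystore.p12 changeit
echo "keystore.p12 holds $(keystore_cert_count keystore.p12 changeit) certificates"
```

With the real files, the same two checks can be run on the bundle and key before the export step.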


#7

thank you very much.
I now get through all the steps successfully.
However, after going through the steps, on the admin page at ssl / tls, you can see that there is a certificate missing.
the lax text on the page is:

	One or more certificates are missing. Click here to generate self-signed certificates or here to import a signed certificate and its private key.

This page lists certificates that are used to identify this Openfire instance.

Certificates are used (through TLS and SSL protocols) to establish secure connections between servers and clients. When a secured connection is being created, parties can retrieve a certificate from the other party and (amongst others) examine the issuer of those certificates. If the issuer is trusted, a secured layer of communication can be established.

Openfire can generate certificates that are self-signed. The issuer of those certificates is the Openfire instance itself. Although remote parties can choose to trust servers that provide a self-signed certificate, this is rare, and, from a security perspective, questionable.

The certificates that are used to identify this Openfire instance should be signed by a Certificate Authority (CA) that is commonly trusted by clients and other servers. This page allows you to generate a Certificate Signing Request (CSR), which you can use to obtain a signed certificate from such a Certificate Authority. After you obtain a reply from the CA to the CSR, that reply can be inserted in this page to install a CA signed certificate.

Alternatively, a certificate might already be made available though other means. In the this case the signed certificate and corresponding private key can be imported here.
Identity (Alias) 	Valid between 	Status 	Algorithm 	Verwijderen
*.jenp.net , jenp.net (jabber.jenp.net) 	15-dec-2017 - 16-dec-2018 	The certificate has been signed by a Certificate Authority. Clients and servers are expected to accept the certificate unless they do not trust the Certificate Authority that signed the certificate. 	CA Signed 	RSA 

#8

apparently I can just ignore the message on the openfire admin page and apparently only have a certificate

Thank you very much for the help