Openfire unable to Authenticate clients that have certificate chain

Hi All,

I am unable to authenticate clients using SASL-EXTERNAL mechanism. I have imported the client certificate, CA certificate and intermediate certificate into Openfire Truststore. Below mentioned lines are the errors getting logged in the Openfire log file:

2016.05.25 17:11:30 DEBUG [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: EXTERNAL authentication via SSL certs for c2s connection

2016.05.25 17:11:30 DEBUG [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: EXTERNAL authentication requested, but EE cert untrusted.

On further debugging i found that the issue is the Root certificate is not recognized by Openfire even though it is present in its truststore.

Help required on this matter