Openfire, XMPP SSL and TLS errors

On ATAK, says SSL error:
On Monal, says TLS error: Bad Certificate.

WinTAK and Pidgin work with no issue logging in the registered users.

What should I do?

Openfire is on the latest Ubuntu hosted on DigitalOcean.

I assume I have to create certs, as ATAK and Monal don’t do this automatically like WinTAK and Pidgin?

Hello,

The error messages you’re seeing on ATAK (“SSL error”) and Monal (“TLS error: Bad Certificate”) indicate a problem with the SSL/TLS certificate used by your Openfire server. While WinTAK and Pidgin connect without issue, it’s likely because they have their own certificate validation methods or lower security requirements.

Here’s what you need to do:

Verify your Openfire SSL/TLS certificate:

Log in to your Openfire admin console.
Navigate to the Security settings section.
Check the details of your SSL/TLS certificate. Ensure it’s valid, not self-signed, and issued by a trusted Certificate Authority (CA).

Install a trusted certificate (if needed):

If your certificate is self-signed, you’ll need to obtain one from a trusted CA. This certificate will be recognized by ATAK and Monal, eliminating the validation errors.
There are free and paid options for obtaining SSL/TLS certificates. Popular choices include Let’s Encrypt (free) and DigiCert (paid).

Configure ATAK and Monal (optional):

In some cases, you might be able to configure ATAK and Monal to accept your self-signed certificate by trusting the server manually. However, this is a less secure approach and not recommended for production environments.

I hope the solution may help you.
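
The certificate check described in the reply above can also be done from a shell with the OpenSSL command line. This is an added example, not part of the original posts: the function names and `xmpp.example.org` are placeholders, and it assumes the server offers STARTTLS on the standard XMPP client port 5222.

```bash
# Added example: diagnose the certificate an XMPP server presents to clients.
# xmpp.example.org is a placeholder; use your own XMPP domain (the part after @ in a JID).

# Fetch the leaf certificate over XMPP STARTTLS (client port 5222) into OUT.pem.
fetch_xmpp_cert() {  # usage: fetch_xmpp_cert HOST XMPP_DOMAIN OUT.pem
  openssl s_client -connect "$1:5222" -starttls xmpp -xmpphost "$2" </dev/null 2>/dev/null |
    openssl x509 -out "$3"
}

# Constructed sample input: a throwaway self-signed certificate for offline testing.
make_sample_cert() {  # usage: make_sample_cert OUT.pem CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# Print one line per problem a strict client would reject; return 1 if any is found.
# "Self-signed" is detected heuristically as issuer DN == subject DN.
diagnose_cert() {  # usage: diagnose_cert CERT.pem XMPP_DOMAIN
  local cert="$1" domain="$2" rc=0 subject issuer
  subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
  if [ "$subject" = "$issuer" ]; then
    echo "SELF_SIGNED: issuer equals subject ($issuer)"; rc=1
  fi
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "EXPIRED: notAfter is in the past"; rc=1
  fi
  if ! openssl x509 -in "$cert" -noout -checkhost "$domain" | grep -q 'does match'; then
    echo "NAME_MISMATCH: certificate does not cover $domain"; rc=1
  fi
  return "$rc"
}
```

Run `fetch_xmpp_cert` against the server first, then `diagnose_cert` on the saved file with the XMPP domain the clients log in to; a clean result prints nothing and returns 0.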