Plese help to implement ssl

Edgars · September 28, 2016, 12:21pm

Hello,

I have go through this guide Openfire: SSL Guide to implement SSL for openfire and if I am doing step by step what here described I could not get worked solution

receiving such errors in SSL tab:

Configuration problem: Unable to access the store.

unable to access certificate store. The keystore may be corrupt

what I have done:

updated keystore password
generate cert request: keytool -certreq -keystore keystore -alias server_name.domain -file request_openfire_cert
Created from CA sertificate
imported CA cert: keytool -import -keystore keystore -alias server_name.domain -file signed_certificate_file
addedd these values:

xmpp.socket.ssl.active – set to ‘true’ to active SSL

xmpp.socket.ssl.port – the port to use for SSL (default is 5223 for XMPP)

xmpp.socket.ssl.storeType – the store type used (“JKS” is the Sun Java Keystore format used by the JDK keytool). If this property is not defined, Openfire will assume a value of “jks”.

xmpp.socket.ssl.keystore – the location of the keystore file relative to your Openfire installation root directory. You can leave this property blank to use the default keystore.

xmpp.socket.ssl.keypass – the keystore/key password you changed in step 2.

restarted openfire service

Server spec: RedHat7

openfire 4.0.3

installed as rpm

speedy · September 28, 2016, 12:47pm

ssl on 5333 is depreciated. you should be using the tls over 5222

Then you cans go to STARTTLS policy in your openfire admin panel and set this to your needs.

Edgars · September 28, 2016, 1:06pm

could you please describe how to do that client connections would encrypted, because when I set STARTTLS policy to required, client could not connect to server.

speedy · September 28, 2016, 1:17pm

what client are you using? If you messed with your certificate store, you may have corrupt it as well, so you might need to regenerate your certificates in openfire.