Guys,
I’ve spent the last few days trying to get an XMPP.ORG cert installed on my Openfire 3.6.3 server, to no avail. I’ve tried with both a wildcard cert and a cert specific for my server, to no avail. I’ve followed all the steps on the XMPP site and in the Wildfire SSL cert guide. It’s hard to recall everything I’ve done up to this point, but here are the key things that I have done:
-
Installed the 1.6 Unlimited Strength Java CryptographyExtension (JCE)
-
Used the JSK keytool to create a private key
-
Used keytool to create a CSR
-
Used the CSR to generate a cert on the XMPP.ORG site
-
Used the keytool to import the Startcom CA cert
-
Used the keytool to import the sub.class1.xmpp.ca cert
-
Used the keytool to import my issued cert
After doing all of this, and of course deleting the default self-signed certs, I receive the following exception in the Openfire console:
java.security.InvalidKeyException: Supplied key (null) is not a RSAPrivateKey instance
at org.bouncycastle.jce.provider.JDKDigestSignature.engineInitSign(Unknown Source)
at java.security.Signature$Delegate.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Unknown Source)
at org.bouncycastle.jce.PKCS10CertificationRequest.(Unknown Source)
at org.bouncycastle.jce.PKCS10CertificationRequest.(Unknown Source)
at org.jivesoftware.util.CertificateManager.createSigningRequest(CertificateManage r.java:392)
at org.jivesoftware.openfire.admin.ssl_002dcertificates_jsp._jspService(ssl_002dce rtificates_jsp.java:548)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:11 8)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:66)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:42)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:70)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:146)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:206)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.j ava:829)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
I’ve found quite a few posts with users complaining of the same error, including these posts:
http://www.igniterealtime.org/community/message/179743#179743But after reading through all the posts, it’s clear there’s no definitive solution. I’ve also exchanged emails with Peter over at XMPP.ORG and he’s not sure what the issue is. But he did mention that he’s heard of quite a few issues getting certs installed in Openfire. Any ideas folks? If I cannot get this working I’ll need to revert back to a self signed cert, which I don’t want to do unless I have to. Thanks for any help.
-Ryan