I went through many threads and am not sure if I got it right - I also followed the guide as well…
1. Decide on your Openfire server’s domain.
2. Create a self-signed SSL server certificate for your server domain. Note: you may already have one if your Openfire server domain matches an existing web domain with SSL. If so, you can skip to step 4.
3. [Optional] Have a certificate authority (CA) certify the SSL server certificate.
   a. Generate a certificate signing request (CSR).
   b. Submit your CSR to a CA for signing.
   c. Import the server certificate into the keystore. Note: if you are going to use a self-signed certificate generated in step 2, the certificate is already imported and you can skip this step.
4. Remove default certificates from the keystore.
5. Import client certificates into the truststore.
6. Adjust the Openfire configuration with proper keystore and truststore settings.
I basically want users to have their certs ready to be checked when connecting to the server for authenticity - I don't see a cert option in Spark, but some other chats do have cert capabilities… I got my domain name as “openfire” and here is where I tried both ways but not sure if it worked at all…
1. I used the default self-signed through admin console so I went to step 5. I imported 2 certificates called test1 and test2 into the truststore. They are created by a CA I made called TestCerts. I added them fine with no errors. I did set the admin server settings to REQUIRE client connection security but “anyone” can still log in and chat…
2. I tried creating a server certificate “openfire” and put it in successfully but still the same problem…
So I am a bit lost… I thought choice 1 would've worked but not sure what I need to do to enforce client certs coming in?
thanks
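
The trust decision that a truststore entry is meant to drive, reproduced offline with openssl as an added example (not part of the original post or of the guide it quotes): a client certificate issued by the TestCerts CA chains to it, and a certificate from anywhere else does not. Assumptions: a PEM CA file stands in for the Java truststore, the names `stranger`, `make_ca`, `issue_client` and `chains_to` are hypothetical, and all keys and certificates are throwaway ones constructed in a temp directory.

```shell
#!/bin/sh
# Added example: which client certificates chain to a trusted CA.
# Everything here is constructed test material, created in a temp dir.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate and unencrypted key named after $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a client certificate $2 signed by CA $1 (key, CSR, then signing).
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 30 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# Succeed only if certificate $2 chains to CA $1. The CA file plays the
# role of the truststore: it is the only trust anchor offered to verify.
chains_to() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca TestCerts               # the private CA from the post
issue_client TestCerts test1    # a client certificate issued by that CA
make_ca stranger                # self-signed, unrelated to TestCerts

for cert in test1 stranger; do
    if chains_to TestCerts "$cert"; then
        echo "$cert: chains to TestCerts (would be trusted)"
    else
        echo "$cert: does not chain to TestCerts (would be rejected)"
    fi
done
```

This check only matters once the server actually asks for and requires a client certificate during the TLS handshake; a populated truststore by itself does not stop certificate-less clients from connecting.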