Question about SSL, guide and certs

I went through many threads and am not sure if i got it right - i also followed the guide as well…

  1. Decide on your Openfire server’s domain.

  2. Create a self-signed SSL server certificate for your server domain. Note: you may already have one if your Openfire server domain matches an existing web domain with SSL. If so, you can skip to step 4.

  3. [Optional] Have a certificate authority (CA) certify the SSL server certificate.

  4. Generate a certificate signing request (CSR).

  5. Submit your CSR to a CA for signing.

  6. Import the server certificate into the keystore. Note: if you are going to use a self-signed certificate generated in step 2, the certificate is already imported and you can skip this step.

  7. Remove default certificates from the keystore.

  8. Import client certificates into the truststore.

  9. Adjust the Openfire configuration with proper keystore and truststore settings.
    I basically want users to have their Certs ready to be checked when connecting to the server for authenticity - i dont see cert option in Sparc but some other chats do have cert capabilities… I got my domain name as “openfire” and here is where i tried both ways but not sure if worked at all…

  10. I used the default self signed through admin console so I went to step 5. I imported 2 certificates called test1 and test2 into the truststore. They are created by a CA I made called TestCerts. I added them fine with no errors. I did set the admin server settings to REQUIRE client connection security but “anyone” can still login and chat…

  11. I tried creating a server certificate “openfire” and put it in successfully but still the same problem…

So I am a bit lost… i though choice 1 wouldve worked but not sure what i need to do to enforce client certs coming in?

thanks