Hi everyone,
I really hope that someone can help me with an issue I’m having. I’m trying to get 2 Openfire Servers to connect using TLS, and a set of certificates that I created using OpenSSL. Not having much luck with it though.
For my purposes, this is just going to be a stand-alone test environment. I am using Microsoft Virtual PC, and have an instance of the Openfire server running on each virtual machine. I am using Spark as my chat client. The clients are able to communicate successfully across servers using dialback, or with self-signed certificates, but I’m having a major problem getting the OpenSSL certs to work. Shown below are the settings I’m using for TLS:
Openfire Console Settings:
(Server Manager >> System Properties)
xmpp.auth.anonymous true
xmpp.client.tls.policy required
xmpp.server.certificate.verify true
xmpp.server.dialback.enabled false
xmpp.server.tls.enabled true
xmpp.socket.ssl.active true
(Server Settings >> Security Settings)
Client Security is set to Required
Server Connection Security is set to Required
When I created my certs in OpenSSL, I created both RSA and DSA certs for both servers. When I use the Openfire Console to import the certificates along with their respective private keys, it does so successfully. The console is successfully displaying CA Signed for all of the certs. (I also created my own CA certs, 1 for RSA certs and 1 for DSA certs, that I import into the truststores using java keytool, before adding these certificates in the console)
The names of my Openfire Servers are vm2 and vm3. So… respectively the truststore for vm2 contains: my ca cert for rsa, ca cert for dsa, rsa cert for vm3, and dsa cert for vm3. The truststore for vm3 has the opposite, ca cert for rsa, ca cert for dsa, rsa cert for vm2, and dsa cert for vm2. Of course, all the default certificates are in the truststore too.
At this point, I’m not really sure if it’s a setting inside the Openfire Console that I’m forgetting to set, or if the problem is with my certificates. Of course I’m kinda leaning towards certificates.
Would anyone have any advice to lend? Or just other things I could possibly try? Right now I’m stumped.
-Lenny
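Added example, not part of Lenny's post or of Openfire itself: a small POSIX shell script that reproduces the certificate side of the setup described above (a private CA, one server certificate per XMPP domain, the CA imported into a Java truststore with keytool) and adds the two checks a practitioner would run before blaming Openfire. The first check is that each server cert chains to the CA that sits in the peer's truststore; the second is that the certificate actually names the XMPP domain the server announces (vm2 or vm3), because server-to-server certificate verification matches the peer's certificate against that domain, not just against the trust chain. The server names vm2/vm3, the CA name, the truststore path and the password are assumptions chosen for this example; the RSA-only CA is a simplification of the RSA+DSA pair in the post.

```shell
#!/bin/sh
# Example only: builds a throwaway CA and per-server certs with OpenSSL and
# checks them the way an s2s peer would (chain + identity). Assumes openssl
# on PATH; keytool is only needed for the optional truststore import.

# Create a self-signed CA (RSA, SHA-256). $1 = working directory.
make_ca() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Example XMPP Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# Issue a CA-signed server certificate whose SAN carries the XMPP domain.
# $1 = working directory, $2 = server/XMPP domain name (e.g. vm2).
issue_server_cert() {
  dir=$1; name=$2
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
  # SAN is what a verifying peer matches against; CN alone is not enough
  # for modern hostname checks. serverAuth+clientAuth because an s2s link
  # uses the same cert in both roles.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' \
    "$name" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$dir/$name.ext" \
    -out "$dir/$name.crt" 2>/dev/null
}

# Check 1: does the certificate chain to the CA that the peer trusts?
# $1 = CA cert, $2 = server cert. Returns 0 on a valid chain.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2: does the certificate name the expected XMPP domain in its SAN?
# $1 = server cert, $2 = expected domain. Returns 0 when present.
cert_has_name() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | grep -qE "DNS:$2(,|\$)"
}

# Optional: put the CA (not the peer's leaf certs) into a Java truststore.
# Only the CA is required for chain validation; leaf certs are redundant.
# $1 = CA cert, $2 = truststore path, $3 = truststore password (assumed).
import_ca_into_truststore() {
  keytool -importcert -noprompt -trustcacerts -alias example-xmpp-ca \
    -file "$1" -keystore "$2" -storepass "$3"
}

# End-to-end demo for two servers; run as: sh thisfile.sh run
demo() {
  d=$(mktemp -d)
  make_ca "$d"
  for srv in vm2 vm3; do
    issue_server_cert "$d" "$srv"
    if verify_chain "$d/ca.crt" "$d/$srv.crt"; then
      echo "$srv: chains to CA"
    else
      echo "$srv: chain verification FAILED"
    fi
    if cert_has_name "$d/$srv.crt" "$srv"; then
      echo "$srv: certificate names domain $srv"
    else
      echo "$srv: certificate does NOT name domain $srv"
    fi
  done
  echo "artifacts in $d"
}

if [ "${1:-}" = "run" ]; then
  demo
fi
```

If `verify_chain` fails, the CA in the peer's truststore is not the one that signed the cert (a common slip when separate RSA and DSA CAs are in play); if `cert_has_name` fails, the cert is trusted but does not identify the XMPP domain the server is configured with, which also makes s2s certificate verification reject the connection.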