Openfire expects to have two server certificates (RSA and DSA) and complains if one is missing. I’ve found that XMPP clients can still make a secure connection when there is a single cert, but the secure admin console on port 9091 is disabled. Secure HTTP binding on port 7443 is also disabled. As a workaround, I’m using stunnel to provide secure access to the admin console, but this isn’t 100% satisfactory, since during the login process, the admin console redirects the browser to an HTTP URL, which has to be fixed up manually.
I’m using a single DSA cert from startcom.org, which complains about the RSA cert request being insecure, and in any case, doesn’t seem to want to provide two certs for the same host.
Have I overlooked a better solution? Any insights much appreciated.