powered by Jive Software

Securing openfire admin port with https

using openfire 3.6.2. ubuntu 8.04 LTS. apache2. java6. I am trying have our openfire secure port work over https with no certificate errors like “There is a problem with this website’s security certificate.” shows in IE. I have a signed CA trusted certificate.

Hi,

what is the problem with the certificate? Is it still valid, does the common name match?

LG

I have an xmpp.org valid certificate installed. With our self-signed certificate in openfire admin cp, I’d filled out the issuer information, sent it to xmpp and it is approved. In openfire admin cp there 1 same certificate with 2 rows - RSA and DSA. When I enter the info from our CA, no problem with RSA, but does not like DSA. Tried it with our wildcard CA approved certificate and this does not work.

What I am trying to achieve is secure connections for communications including through the browser and using port 9091 (The port used for secured Admin Console access). Please provide advice.

Here is the info under server settings >> server certificates

sub-domain.domain.con (sub-domain.domain.com_rsa)
Nov 7, 2009
The certificate has been signed by a Certificate Authority. Clients and servers should accept the certificate unless they not trust on the Certificate Authority that signed the certificate.
CA Signed
RSA

*.sub-domain.domain.com (sub-domain.domain.com_dsa)
Oct 12, 2013
Self-signed certificates should be signed by a Certificate Authority to be trusted and accepted by clients and other servers.
Self signed
DSA

note: sub-domain.domain.com is server name.

Hi,

Have you tried this with Openfire 3.6.3 ? There were SSL cert fixes made, but I am not sure if they address your issue.

daryl

I will give openfire 3.6.3 a try and update here. thank you for letting me know.

Yes it does work for openfire 3.6.3. I have tried it in the past with openfire 3.6.2, 3.6.1 and 3.5.1 and would not work. I was able to import our xmpp and wildcard CA signed certificates and with our admin cp secure port, it is secured.