Replying to my own question, it’s best to just import the self-signed certificate from OpenFire into Apple’s Keychain.
Here is a shell script that I wrote to import the cert on all of our Macs. You can do this using Apple’s Remote Desktop, LanRev, Filewave, Radmind, or whatever tool you use.
# This script is for importing certificates into Tiger and Leopard
certtool i /Users/Shared/Certs/im.yourdomain.pem v k=/System/Library/Keychains/X509Anchors
certtool i /Users/Shared/Certs/im.yourdomain.org.pem v k=/System/Library/Keychains/X509Anchors
security add-trusted-cert -d -r trustAsRoot -k “/Library/Keychains/System.keychain” /Users/Shared/Certs/im.yourdomain.cer