[SOLVED] SSL installation on OpenFire (Linux)


I have been struggling for a week now to get a SSL certificate installed in Openfire.

Numerous guides on the internet have not helped at all.

Even after the certificate shows in the trustedstore, I have no way to import it via the web interface.

Importing and displaying via terminal also does not show up in the web interface.

The certificate is valid and working… just not on Openfire.

Any help will be greatly appreciated.

Using the Openfire admin console, you typically do this to import your certificates (although it sounds like you already found this):

  1. Server
  2. TLS Certificates
  3. Manage Store Contents (of the store that you want - by default, everything uses the same store anyway)
  4. “imported here” (that link is hidden somewhat in the text).
    If that does not import your certificate properly, something is wrong. Please have a look at your log files (<openfire_home>/logs/all.log combines logging statements for all levels) and see if a relevant message is being logged.

Thank you for the reply.

Using Openfire 3.6.4

For me it is located at Server > Server Settings > Server Certificates which would most likely be the same I think.

When there going to import, I provide the Passphrase, Private key and Certificate.

Then it just displays:

“There was an error one importing private key and signed certificate.”

As per above, it was already imported via terminal.

Unfortunately there is also no all.log file. There are from debug down to webchat logs, but no all.

Hmm, 3.6.4 is a pretty old version. Certificate management was modified a lot since then.

Without further error messages, it’ll be hard to diagnose the issue. Did you review the log files?

Checked the logs.

Something I did pick up is that the error.log is not populating.

Or rather last time it had entries was in September last year.

That’s suspicious. Either you have very little errors, or something is wrong. Perhaps a file permission problem?

“Have you tried turning it off and on again” (restarted Openfire)?


A lot of the guides online suggest that after the certificate import process.

As far as i remember there was an issue with logs not working on Linux in older versions. Could be 3.6.4. It was fixed eventually. I think it was related to s4j log or something.

Anyone have an idea about the script to update here?:

Haven’t tried it yet, but have it in place to pull the trigger.

From your past experience, will this work?

The script is for 3.10.0 version, so there is a chance that it won’t work and maybe even break something.

For what its worth, that script (after altering some of the paths and the correct .pem files) worked wonders!

Just had to change the ownership of the new keystore file and restarted Openfire.

Solved one time!