[SOLVED] SSL installation on OpenFire (Linux)

Hi

I have been struggling for a week now to get an SSL certificate installed in Openfire.

Numerous guides on the internet have not helped at all.

Even after the certificate shows in the trustedstore, I have no way to import it via the web interface.

Importing and displaying via terminal also does not show up in the web interface.

The certificate is valid and working… just not on Openfire.

Any help will be greatly appreciated.

Using the Openfire admin console, you typically do this to import your certificates (although it sounds like you already found this):

  1. Server
  2. TLS Certificates
  3. Manage Store Contents (of the store that you want - by default, everything uses the same store anyway)
  4. “imported here” (that link is hidden somewhat in the text).

If that does not import your certificate properly, something is wrong. Please have a look at your log files (<openfire_home>/logs/all.log combines logging statements for all levels) and see if a relevant message is being logged.

Thank you for the reply.

Using Openfire 3.6.4

For me it is located at Server > Server Settings > Server Certificates which would most likely be the same I think.

When going there to import, I provide the passphrase, private key and certificate.

Then it just displays:

“There was an error one importing private key and signed certificate.”

As per above, it was already imported via terminal.

Unfortunately, there is also no all.log file. There are logs from debug down to webchat, but no all.log.

Hmm, 3.6.4 is a pretty old version. Certificate management was modified a lot since then.

Without further error messages, it’ll be hard to diagnose the issue. Did you review the log files?

Checked the logs.

Something I did pick up is that the error.log is not populating.

Or rather, the last time it had entries was in September last year.

That’s suspicious. Either you have very few errors, or something is wrong. Perhaps a file permission problem?

“Have you tried turning it off and on again” (restarted Openfire)?

Yes.

A lot of the guides online suggest that after the certificate import process.

As far as I remember, there was an issue with logs not working on Linux in older versions. Could be 3.6.4. It was fixed eventually. I think it was related to s4j log or something.

Anyone have an idea about the script to update here?:

Haven’t tried it yet, but have it in place to pull the trigger.

From your past experience, will this work?

The script is for 3.10.0 version, so there is a chance that it won’t work and maybe even break something.

For what it’s worth, that script (after altering some of the paths and the correct .pem files) worked wonders!

Just had to change the ownership of the new keystore file and restarted Openfire.

Solved one time!