Remove both certificates for 127.0.0.1 from Certificados de Openfire (red button with a cross).
Change Domino field on Spark login window to cefax.lan. But keep the IP in the Servidor field on the Avanzado screen.
Btw, certificates for 127.0.0.1 already were expired since last year. You should look after your certificates. If you are using expired certificates, then there is no point to use SSL\TLS at all…
You might also want to remove those screenshots or hide the IP, so nobody will see your server’s IP