This could be that the root CA that signed your cert is not in the Java store used by Spark.
edit
Actually, I just hit this issue. I imported a new wildcard in openfire, and spark gave me fits. Turned out that I didn’t import the full chain with my cert. Once I did that, all was good.
I’ve imported the root CA that signed my cert (Comodo)
As far as the cert matching my 'xmpp.domain', it 100% matches my domain name.
My FQDN and domain name are the same on this server, as it's not being tied into Active Directory or LDAP. Running separate
HOWEVER – now suddenly, appears my Openfire server has lost its FQDN hostname setting?!
reverted back to ‘localhost’. I’ve tried to rename this setting within server properties, also within the DNS settings area… no dice. goes back to ‘localhost’
also made sure my /etc/hosts file was proper along with my hostname /etc/hostname
Spark 2.7.7 works beautifully without issue or complaint. Tried using latest version of Trillian client as well; works – however throws erroneous warning how server certificate does not directly match. Even though within warning it says / shows the hostname/server being same exact FQDN
2.7.7 works because it doesn’t care what certificate you use. Is it expired, forged, no matter. So, another client tells you that your certificate doesn’t match. Try another one. Say Pidgin.
Had Trillian XMPP Server (trial) used a corp wild card cert. works beautifully without any issue. Then migrated to Openfire and tried using same exact wildcard SSL cert… issues. Even following various guides and even re-creating cert store and rebuilding.
I have a separate hosted openfire server that I’m now using with my Asterisk Servers with Asterisk-IM. However this cert issue is making me grind my gears and really pissing me off.
I just paid for a separate SSL cert to explicitly match the FQDN, and still issue…
Argh, I had this same exact freaking problem and was getting this error as well on my wildcard certificate. As speedy mentions, you have to include both your certificate and all of your certificate authority’s certificates in the chain in the same field to make it work.
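
The missing-chain failure described in the replies above can be reproduced and checked offline with `openssl`. This is an added example, not part of any post in the thread: it builds a constructed root, intermediate and server certificate, then tests whether a client that trusts only the root can validate what the server would present. The name `chat.example.test`, the file names and the helper functions `issue` and `chain_ok` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Every certificate here is a constructed throwaway generated
# below; "chat.example.test" is a placeholder name, not a host from the thread.

# issue PATH CN EXT [CA_PATH]: write PATH.key and PATH.pem; self-signed unless
# CA_PATH (a PATH previously given to issue) is supplied.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    printf 'basicConstraints=%s\n' "$3" > "$1.ext"
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
            -CAcreateserial -extfile "$1.ext" -days 2 -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -extfile "$1.ext" -days 2 -out "$1.pem" 2>/dev/null
    fi
}

# chain_ok ROOT BUNDLE: true only when the first certificate in BUNDLE chains
# to ROOT using just the other certificates in BUNDLE. That mirrors a client
# whose trust store holds the root CA and nothing else.
chain_ok() {
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
issue "$work/root"  "Constructed Root CA"         "critical,CA:TRUE"
issue "$work/inter" "Constructed Intermediate CA" "critical,CA:TRUE" "$work/root"
issue "$work/leaf"  "chat.example.test"           "CA:FALSE"         "$work/inter"

cp "$work/leaf.pem" "$work/leaf-only.pem"                        # server cert alone
cat "$work/leaf.pem" "$work/inter.pem" > "$work/full-chain.pem"  # cert plus CA cert

for bundle in leaf-only full-chain; do
    if chain_ok "$work/root.pem" "$work/$bundle.pem"; then
        echo "$bundle: chains to the trusted root"
    else
        echo "$bundle: incomplete, client cannot reach the trusted root"
    fi
done
```

To check a real deployment, pass `chain_ok` the root CA exported from the client's trust store and the PEM bundle that is about to be imported into the server.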