To secure communication between Spark and Openfire, TLS encryption is used. To be able to use TLS, the server needs to provide a certificate that identifies the server to any client that tries to negotiate TLS. By default, Openfire will generate a self-signed certificate for this purpose. With the default settings, Spark will not accept a self-signed certificate (as it does not recognize it). That is what appears to be going wrong with your setup. You could configure Openfire to use a certificate that is recognized by Spark. You could also add Openfire’s self-signed certificate to each Spark installation, so that it is recognized by Spark, or you could reconfigure or disable TLS in a couple of other ways that causes Spark to not use or ignore the unrecognized certificate. That is obviously a less secure options.