The question: If, when using openfire and spark, the certificates on openfire are unsigned, is there a way to make spark prompt for the user to trust/accept them? (like for example, the way iChat will on OSX)
I’m completely new to spark and openfire and I’m trying to find a good secure IM solution. However, I’m going to self-sign the certificates. I want to have the user see “something” about the server cert (fingerprint, etc) so they know they’re not involved in a Man-in-the-Middle attack.
At the moment Spark does no checking of the server certificate, so the answer is “you assume”, which is to say you cant be 100% certain. In trunk (unreleased as of yet) there are improvements that allow for PKI auth, which require proper validation of the peer certificate, but there is still no way to view the certificate from Spark.