
SSL cert import

I’m trying to import an SSL cert. If I generate a request myself and get it signed, I get a message:

Certificate Authority reply was imported successfully.

But the cert never shows up on the Admin interface.

If I use Openfire to generate an RSA cert, then have it signed, it accepts the reply but the status never changes from “Pending Verification”.

Hey Nathan,

Have you checked the logs for related errors? Have you verified that the root certificate of the signing CA is present in Openfire?

Regards,

– Gato

Nothing in the logs when I do the import. The only thing I see on startup is this:

2008.03.21 10:28:13 Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.

Is there some sort of debug that would show more about the import of SSL?

When I enter the certificate, I am using the certificate chain version. Is that what you mean by the Root CA? How would I verify that Openfire has the root CA?

Hey Nathan,

Unfortunately, there is no other debug information when importing certificates. You can use the keytool command line to see the certificates in the keystore and truststore files. Go to [openfire home]/resources/security and execute the following command lines:

keytool -list -v -keystore keystore

Use this command line to see the certificates imported into Openfire or the self-signed certs created by the server. Pay attention to your certificate and its listed chain.

keytool -list -v -keystore truststore

Use this command line to see the certificates that your server can trust. When you are using a CA that is unknown to Openfire (i.e. Java and XMPP) then you will need to import the root certificate of your Certificate Authority (CA) into this file. You can use the same keytool tool to import root certificates.

FYI, the default password for those files is changeit.

Regards,

– Gato
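
The comparison described in the reply above (read each keystore entry's chain, then confirm the issuer at the top of that chain is in the truststore) can be scripted over saved keytool listings. This is an added example, not part of the original thread or of Openfire; the function names are hypothetical, the sample listings are constructed, and it assumes keytool's English output.

```shell
# Parse saved `keytool -list -v` output (English locale assumed). One line per
# alias: alias|chain length|leaf owner|issuer of the last certificate listed
chain_summary() {
  awk '
    function emit() { if (alias != "") print alias "|" len "|" leaf "|" top }
    /^Alias name: /               { emit(); alias = substr($0, 13); len = 0; leaf = ""; top = "" }
    /^Certificate chain length: / { len = $NF }
    /^Owner: /                    { if (leaf == "") leaf = substr($0, 8) }
    /^Issuer: /                   { top = substr($0, 9) }
    END                           { emit() }
  '
}

# Succeeds if DN $1 is the Owner of an entry in the truststore listing on stdin
issuer_in_truststore() { grep -Fxq "Owner: $1"; }

# $1 = saved keystore listing, $2 = saved truststore listing
diagnose() {
  chain_summary < "$1" | while IFS='|' read -r alias len leaf top; do
    if [ "$leaf" = "$top" ]; then
      echo "$alias: self-signed"
    elif issuer_in_truststore "$top" < "$2"; then
      echo "$alias: chain length $len, top issuer trusted"
    else
      echo "$alias: chain length $len, top issuer missing from truststore: $top"
    fi
  done
}

# Constructed sample listings, trimmed to the lines the parser reads
sample_keystore() { cat <<'EOF'
Alias name: example.com_dsa
Certificate chain length: 1
Owner: CN=example.com
Issuer: CN=example.com
Alias name: example.com_rsa
Certificate chain length: 2
Owner: CN=example.com
Issuer: CN=Example Intermediate CA, O=Example
Owner: CN=Example Intermediate CA, O=Example
Issuer: CN=Example Root CA, O=Example
EOF
}
sample_truststore() { cat <<'EOF'
Alias name: exampleroot
Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example
EOF
}
```

To run it against a real server, redirect the output of the two keytool commands above into files and pass those files to diagnose. An entry reported as self-signed has owner and issuer identical, meaning no CA-signed certificate is stored under that alias.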