SSL Cert Re-issue Time

Hey everyone.

I’m not very good at all this website management and SSL Certs, so bare with me here.

We have been running Open Fire for several years now, and last year, since we’ve added several new locations to our practice, moved Open Fire to the Cloud so that all of our offices could access. Each office has their own AD Domain, and that isn’t my department. If it were up to me, everything would have been put in the same forest and just kept the AD Auth for Open Fire the same as it always was.
Anyways, after a lot of reading and fumbling about, I finally got a SSL cert installed within the OF instance(a lot more trouble than I ever thought it would have been). Well, now it is time to re-issue the cert. However, the SA is requiring a CSR to re-issue the cert. I cannot for the life of me remember how to create one of these in Open Fire.
I have found several articles on this subject through google, but they are all dated 2017 and older and seem to not be relevant to the current version of OF.
If anyone has some more up-to-date information that they could share, that would be awesome.

Thank You!

Hi Brandon,

A CSR is generated from the private key that you are using. If you do not have a copy of that available, you can extract it from Openfire’s keystore. To make things more complicated: Openfire’s keystore is a Java keystore, which uses a proprietary format (JKS). It is doable to convert this into a more generally acceptable format, but that needs some work.

Please refer to Openfire: SSL Guide and combine that with Google queries for ‘extract private key from Java keystore’ and you should find everything that you need.

1 Like

Though, you didn’t give a direct answer, I did figure it out. My biggest problem was the extreme lack of documentation. Anything that I could find by searching was from Openfire 3.2.1 in 2017. The steps listed there are now a bit different.
It’s no big deal. I did find the rather hidden link to generate a new self signed cert that got me the Cert Signing Request(CSR) that I needed to reissue my SSL Cert. Once I found that, all was set.
The biggest problem was, the links in the Admin Control Panel are orange, and the text that the link was in was also orange. After reading through everything on that page again very slowly, I finally found the link. :slight_smile: