powered by Jive Software

SSL Certificates in Cluster Environment

Hi at all,

does anyone have experiences with a CA Signed Certificates in a Hazlecast Cluster Environment?

I have 4 Cluster Nodes the are working all under the same domain. At the moment every machine has its own openfire generated self signed certificate. Now i want to use a Signed Certificate for the domain chat.example.com. Do i need to configure the same CA certificate on the four nodes? Or register for every machine a new single certificate? Or do i need a wildcard certificate? I’m using Comodo as CA.

Thank’s

django -

Maybe we can help each other given the little commercial support available for OpenFire. You would want to use a *.yourdomain.com cert and place it on all the servers. Then if you were using a load balancer you would want to place the certificate on that box as well (though MMC for windows). My problem is that I can’t get OpenFire to take my certificates through the web interface no matter what format or how I generate them in OpenSSL. Have you been able to upload a certificate into OpenFire that is signed by a CA. I’m currently running windows OpenFire boxes.

Thanks!

@Kevin

Has this worked for you to place the same certificate on all openfire nodes? Somehow or other i will try it :slight_smile:

I have no experience running OF under Windows. May be this guide could be a bit useful for you.

@django -

Finally found working steps for windows and was able to get my signed certificate in.

After performing the steps above I found that I had a error. This was beacuse I only had a RSA cert and not a DSA cert. I don’t need a DSA cert as almost all XMPP programs in the last X years support RSA. This guide towards the very bottom explained the errors that I had and why. Even with the errors it works.

I will now proceed to clustering given that I have the same certificate on box boxes now. I will let you know how it goes.

1 Like

The answer is quite simpel, like Kevin told before. Just import your certificate over the Adminpanel to all other cluster members