We are using Openfire 3.6.0. We have installed Openfire on 2 different servers and have been having problems with CA-signed SSL certificates. We have tried a wildcard SSL certificate and an XMPP SSL certificate.
On our latest server we went through the process for the XMPP SSL certificate, installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files and followed the instructions from XMPP (http://xmpp.org/ca/installation.shtml). All with no problems.
In Openfire, we imported the XMPP info with no problems. On Server Information, under Server Properties, it shows a yellow ! icon beside Server Name. The cert and server name are the same domain. I know from previous discussions that this is just a small bug and not to worry about it.
In Server >> Server Settings >> Server Certificates, importing worked. It shows it accepted the certificate. With the other server and wildcard server, same thing.
With Spark 2.5.8, we cannot log on. If we delete the imported certificates and select self-signed (with no CA signed), we can log on.
Please advise. We have been trying and trying here and we NEED secure communications.
I wanted to give an update for others who may be having trouble. Importing an existing XMPP SSL certificate would not work for me. So I’ve cancelled our XMPP certificate and in Openfire created a self-signed certificate, then went to xmpp.org to create an SSL certificate with an existing CSR (from Openfire). Our new XMPP certificate got approved. When I copy/pasted it into both the RSA and DSA self-signed certificates, it would not work. It would only work for RSA. The RSA CSR is what I copy/pasted to XMPP to approve.
So this is what I have: RSA (originally self-signed) status is CA signed; DSA is self-signed. This is working. I see in Server Information that our port 5222 is secured.
I have had problems with Openfire seeming to corrupt the keystore when it restarted… I know it’s not the problem described above, but in case it was related, here is what worked for me…
The SSL cert with private key is installed in IIS, as the CSR was issued there. The certificate is in use for other live services, so it cannot be cancelled or modified. It is a wildcard cert “*.domain.com”.
I have followed the guide for SSL, but it doesn’t seem to work for me. I have a *.pfx file obtained from my SSL cert issuer. How can I manage to convert and install that file in Openfire? Does anybody have a guide, or a combination of guides, to sort this?
Using OpenSSL I tried to obtain the private key and certificate from the PFX and import them through the web GUI, but was unsuccessful.