Ssl certificates in openfire

We are using openfire 3.6.0. We have installed openfire on 2 different servers and been having problems with signed CA ssl certificates. We have tried wildcard ssl certificate and xmpp ssl certifcate.

Our latest server we went through the process of xmpp ssl certificate in install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files and followed the instructions from xmpp ( All with no problems.

In openfire, imported the xmpp info and with no problems. On the Server Information, under Server Properties it shows ! yellow icon beside Server Name. the cert and server name is the same domain. I know in a previous discussions this is just a small bug and don’t worry about it.

In server >> server settings >> server certificates. Importing worked. It shows it accepted the certificate. With the other server and wildcard server same thing.

With spark 2.5.8, we cannot log on. If we delete imported certificates and select self-signed (with no CA signed), we can log on.

Please advise. We have been trying and trying here and we NEED secure communications.

where port should we use for ssl 5222 or 5223?

I wanted to give people an update for others who maybe having trouble. importing an existing xmpp ssl certificate would not work for me. So I’ve cancelled our xmpp and in openfire create a self-signed certificate. then went to to create a ssl with an existing csr (from openfire). Our new xmpp got approved. When I copy/paste into RSA and DSA self-signed certificate, it would not work. It would only work for RSA. RSA CSR is what I copy/paste to xmpp to approve.

so this is what I have RSA (originally self-signed) status is CA signed. DSA self-signed. This is working. I see in server information that our port 5222 is secured.

If anyone has any more advice, please provide.

Did you find a solution? I have exact same problem.

No solution yet.

Thank you.

*** DELETED ***

I have had problems with openfire seeming to corrupt the keystore when it restarted…I know it’s not the problem described above, but in case it was related - here is what worked for me…


This is what I did in Linux (CentOS 5.4)

First create a key, cert, and obtain the ca (usually /usr/share/ssl/cert.pem)

Import the CA cert

cd /opt/openfire/resources/security/
   keytool -importcert -trustcacerts -keystore truststore -storepass changeit -noprompt -alias mepersonalca -file cert.pem

Restart Openfire

service openfire restart

Go to Server Certificates (in the Web Interface on port 9090) and import key and cert. Make sure the key and cert are in PEM format

I put together a doc on setting up an ssl CA if you are interested.

Hi all:

I have a similar issue:

Windows 2008 R2 Sp1 Server

Open Fire 3.7.1

SSL Cert with Private key installed in the IIS as the CSR was issued there. the certificate is in use for other live services, so cannot be cancelled or modified. is a wildcard cert “*”.

I have followed the guide for SSL, but doesn’t seem to work for me. I have an *.pfx file obtained from my SSL cert issuer. How can I manage to install/convert and install that file in Open Fire? Does anybody have a guide, or a combination of guides to sort this?

Usng OpenSLL I tried to obtain the Private key and Certificate from the PFX and import it through the web GUI, but unsuccessful.

Many thanks for your help in advance, regards,